How to read audit log?

Scott Ehrlich scott at MIT.EDU
Tue Sep 25 13:21:59 UTC 2007


As I've reviewed the audit log of a system with audit 1.5.2 installed, I 
discovered the format is something I wasn't used to, and performing a man 
on auditd, auditctl, and a few others didn't help clarify anything.

Could someone please produce a sample audit log line or two and break down 
what each piece means, or direct me to a web page that does so?

I had initially expected some form of date/time stamp, but looking at the 
first set of decimal-separated digits couldn't help me decipher a 
date/time.

Thanks for any assistance.

Scott
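Added example (not part of Scott's post or the list archive): a small Python parser for the standard auditd record format, `type=<TYPE> msg=audit(<seconds>.<milliseconds>:<serial>): key=value ...`. The "decimal-separated digits" the post asks about are Unix epoch seconds and milliseconds, and the number after the colon is a serial that ties together the several records (SYSCALL, CWD, PATH, ...) the kernel emits for one event. The sample lines are constructed for this example; the epoch value 1190726519 was chosen to match the post's own date.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample records in the standard auditd format (not taken from the
# original post). The epoch value 1190726519 corresponds to the post's own
# date, 2007-09-25 13:21:59 UTC.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1190726519.123:456): arch=c000003e syscall=2 success=yes exit=3 a0=7fff1a2b3c4d a1=0 a2=1b6 a3=0 items=1 ppid=1 pid=2345 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="cat" exe="/bin/cat" key="watch-shadow"
type=CWD msg=audit(1190726519.123:456):  cwd="/root"
type=PATH msg=audit(1190726519.123:456): item=0 name="/etc/shadow" inode=1234 dev=08:01 mode=0100600 ouid=0 ogid=0 rdev=00:00
type=USER_LOGIN msg=audit(1190726600.001:457): user pid=2400 uid=0 auid=1000 msg='op=login acct="scott" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=/dev/pts/1 res=success'
"""

# Every record starts with "type=<TYPE> msg=audit(<secs>.<millis>:<serial>):".
RECORD_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<secs>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\):\s*(?P<rest>.*)$'
)
# key=value pairs; values may be bare, double-quoted, or single-quoted (the
# latter is used by user-space records to carry a nested message).
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\'[^\']*\'|\S+)')


def parse_fields(text):
    """Turn 'a=1 b="two words"' into {'a': '1', 'b': 'two words'}."""
    return {k: v.strip('"\'') for k, v in FIELD_RE.findall(text)}


def parse_record(line):
    """Parse one audit line into a dict, or return None if it is not a record."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    # The "decimal-separated digits" are Unix epoch seconds plus milliseconds.
    ts = datetime.fromtimestamp(int(m['secs']), tz=timezone.utc) \
        + timedelta(milliseconds=int(m['ms']))
    return {
        'type': m['type'],
        'timestamp': ts,
        'time_iso': ts.isoformat(),
        'serial': int(m['serial']),   # ties together the records of one event
        'fields': parse_fields(m['rest']),
    }


def group_by_serial(log_text):
    """Group records sharing a serial number into one event, preserving order."""
    events = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is not None:
            events.setdefault(rec['serial'], []).append(rec)
    return events


def describe_event(records):
    """One-line summary of an event: who ran what on which path, and when."""
    by_type = {r['type']: r['fields'] for r in records}
    sc = by_type.get('SYSCALL', {})
    paths = [r['fields'].get('name', '?') for r in records if r['type'] == 'PATH']
    return (f"{records[0]['time_iso']} serial={records[0]['serial']} "
            f"auid={sc.get('auid', '?')} uid={sc.get('uid', '?')} "
            f"exe={sc.get('exe', '?')} key={sc.get('key', '?')} paths={paths}")


if __name__ == '__main__':
    for serial, recs in sorted(group_by_serial(SAMPLE_LOG).items()):
        print(describe_event(recs))
```

Two fields worth knowing when reading a SYSCALL record: `auid` is the login UID that survives `su`/`sudo`, so it names the person responsible even when `uid` is 0, and `key` echoes the `-k` label of the auditctl rule that matched, which is how you find the rule behind a record. For user-space records such as USER_LOGIN, the interesting data sits in the single-quoted `msg=` value and needs a second pass through `parse_fields`.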
