Time field not readable

Kirkwood, David A. DAVID.A.KIRKWOOD at saic.com
Mon Nov 3 15:50:05 UTC 2008


I have had the audit running on multiple systems for some time using
auditctl version 1.0.14 and everything is working just the way I want
it. I have been given a RHEL4u4 system (which is what the others are)
and it has auditctl version 1.2.1. The time field started out working
but ended up as not readable. It seems to have reverted to the message
id information instead of the time.

 

The audit rules files are identical and consist of:

            -D
            -b 8192
            -f 2
            -a exit,always -S all -F exit=-13

 

In version 1.0.4 I can use a line like

            ausearch -i -x /usr/bin/passwd | grep USER_CHAUTHTOK

to get password changes whether they pass or fail.

Which is another difference.

 

The main difference, however, is that the time, although starting out
correctly in 1.2.1, degrades to

            Monday 03,November,2008 ,..403:202

 

If the two versions are different, can I just replace auditctl 1.2.1
with auditctl 1.0.14 to get this system up quickly? If so, do I need to
change any other files?

 

Thanks

 

David A. Kirkwood
SAIC

david.a.kirkwood at saic.com
kirkwoodd at saic.com

Phone: (727) 502-8310
Fax:   (727) 822-7776 
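
Added example, not part of the original post or of the audit package: raw audit records carry their time as msg=audit(seconds.milliseconds:serial), so it can be read straight from the log lines when the interpreted time is unreadable. The sample records are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Raw audit records are stamped msg=audit(<epoch seconds>.<millis>:<serial>)
AUDIT_ID = re.compile(r"msg=audit\((\d+)\.(\d{3}):(\d+)\)")
RECORD_TYPE = re.compile(r"\btype=(\S+)")

# Constructed sample records (not from the original post); the first reuses
# the ".403:202" suffix seen in the unreadable output quoted above.
SAMPLE_LOG = [
    "type=USER_CHAUTHTOK msg=audit(1225727405.403:202): user pid=4321 uid=0 "
    "auid=500 msg='PAM: chauthtok acct=example exe=\"/usr/bin/passwd\" res=failed'",
    "type=SYSCALL msg=audit(1225727411.017:203): arch=40000003 syscall=5 "
    "success=no exit=-13 pid=4330 auid=500 comm=\"cat\" exe=\"/bin/cat\"",
    "truncated line with no audit stamp",
]

def parse_record(line):
    """Return (utc_datetime, serial, record_type), or None if unstamped."""
    stamp = AUDIT_ID.search(line)
    if stamp is None:
        return None
    secs, millis, serial = stamp.groups()
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    when = when.replace(microsecond=int(millis) * 1000)
    kind = RECORD_TYPE.search(line)
    return when, int(serial), kind.group(1) if kind else "UNKNOWN"

def readable(lines, wanted_type=None):
    """Format stamped records, optionally keeping a single record type."""
    out = []
    for line in lines:
        parsed = parse_record(line)
        if parsed is None:
            continue  # skip lines without a msg=audit(...) stamp
        when, serial, kind = parsed
        if wanted_type and kind != wanted_type:
            continue
        text = when.strftime("%Y-%m-%d %H:%M:%S.") + f"{when.microsecond // 1000:03d}"
        out.append(f"{text} UTC serial={serial} type={kind}")
    return out

if __name__ == "__main__":
    for row in readable(SAMPLE_LOG):
        print(row)
```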

 
