
Time field not readable

I have had the audit running on multiple systems for some time using auditctl version 1.0.14 and everything is working just the way I want it. I have been given a RHEL4u4 system (which is what the others are) and it has auditctl version 1.2.1. The time field started out working but ended up as not readable. It seems to have reverted to the message id information instead of the time.


The audit rules files are identical and consist of:


            -b 8192
            -f 2
            -a exit,always -S all -F exit=-13


In version 1.0.4 I can use a line like

            ausearch -i -x /usr/bin/passwd | grep USER_CHAUTHTOK

to get password changes whether they pass or fail, which is another difference.


The main difference, however, is that the time, although starting out correctly in 1.2.1, degrades to

            Monday 03,November,2008 ,..403:202


If the two versions are different, can I just replace auditctl 1.2.1 with auditctl 1.0.14 to get this system up quickly? If so, do I need to change any other files?




David A. Kirkwood

david a kirkwood saic com
kirkwoodd saic com

Phone: (727) 502-8310
Fax:   (727) 822-7776

