On Tue, 2008-01-01 at 11:47 -0600, Lance Spitzner wrote: > PS: Is there anyway to configure SELinux/auditd to use regular dates, > as sylogd does? Stop looking at audit logs directly. (I'll leave the policy questions to the policy people, sorry) ausearch -m AVC -i -Eric