aureport output
Steve Grubb
sgrubb at redhat.com
Fri Nov 2 16:37:27 UTC 2007
On Friday 02 November 2007 12:21:26 pm Bill Tangren wrote:
> Event Report
> ===========================
> # date time event type auid
> ===========================
> 1. 11/01/2007 12:00:00 AM 5844794 SYSCALL -1
The event report is to give you an idea about the distribution of events
occurring on your system. In this case, its a syscall that is failing. To see
the actual record, use "ausearch -ts 11/01/2007 12:00:00 -te 11/01/2007
12:00:01 -a 5844794 -i"
-Steve
More information about the Linux-audit
mailing list