auditing for RHEL ES4
Bill Tangren
bjt at usno.navy.mil
Fri Nov 16 15:54:40 UTC 2007
I'm running RHEL ES 4 servers, and am having difficulty with aureport. I'm
using audit version 1.0.15-3, the one that comes with the OS. The problem
is that I need daily reports, and it is not doing it. The reports always
cover the entire range of available logs (sometimes gigabytes of data).
The reports can take a LONG time to compile, and it doesn't give me the
daily snapshot I need. I'm thinking of installing the latest tarball and
compiling, as I understand more recent versions of aureport have
implemented time limits. [I've emailed this list before about this.]
My question now is, is it possible to uninstall the prepackaged audit and
audit-lib, and install the latest from source, without seriously hosing my
system?
TIA,
--
Bill Tangren
U.S. Naval Observatory
More information about the Linux-audit
mailing list