auditing for RHEL ES4

Bill Tangren bjt at usno.navy.mil
Fri Nov 16 16:41:21 UTC 2007


On DATE, the author spaketh: Steve Grubb
> On Friday 16 November 2007 10:54:40 Bill Tangren wrote:
>> The reports always cover the entire range of available logs (sometimes
>> gigabytes of data). The reports can take a LONG time to compile, and it
>> doesn't give me the daily snapshot I need.
>
> Use the -ts and -te commandline options to limit the report range. It requires
> the date format to be correct for your locale - iow date "+%x %T". The
> older version does not support words like today or yesterday.
>

I see. So I misunderstood what you said when I asked about this before.

Thanks, Steve!

>
>> I'm thinking of installing the latest tarball and compiling, as I understand
>> more recent versions of aureport have implemented time limits.
>
> The older one does, too.
>
>
>> My question now is, is it possible to uninstall the prepackaged audit and
>> audit-lib, and install the latest from source, without seriously hosing my
>> system?
>
> No, it will not work. RHEL4 (and derivatives) has to use the 1.0.X series of
> audit packages.
>
> -Steve
>


-- 
Bill Tangren
U.S. Naval Observatory
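
An added example, not part of the original thread: a daily-snapshot wrapper that gives aureport the explicit, locale-formatted -ts/-te window described above, since the 1.0.X series does not accept words like today or yesterday. It assumes GNU date for `-d`; `audit_day`, `daily_report` and the `AUREPORT` override variable are hypothetical names.

```shell
#!/bin/sh
# Added example: one-day aureport window for audit 1.0.x, which needs
# explicit locale-formatted dates instead of "today"/"yesterday".
# Assumptions: GNU date (for -d); audit_day, daily_report and the
# AUREPORT override variable are hypothetical names.

# Print the given day (default: yesterday) in the locale's %x format.
audit_day() {
    date -d "${1:-yesterday}" '+%x'
}

# Run aureport over 00:00:00-23:59:59 of that day.
# $1 = day understood by date -d; remaining args go to aureport.
daily_report() {
    day="${1:-yesterday}"
    [ $# -gt 0 ] && shift
    d=$(audit_day "$day") || return 1   # refuse to run on an unparsable day
    # date and aureport inherit the same LANG/LC_* here, so the format matches
    # even when cron's locale differs from the interactive one.
    ${AUREPORT:-aureport} -ts "$d" 00:00:00 -te "$d" 23:59:59 "$@"
}

# Cron usage (not executed here):  daily_report yesterday | mail -s audit root
```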



