On Saturday 18 October 2008 10:58:19 Ed Christiansen wrote: > I have a requirement to archive audits daily. I can use the > audit tools to get all the records for a single day: > > ausearch -ts 10/16/2008 00:00:00 -te 10/16/2008 23:59:60 > > but this returns a processed log entry. Add "--raw" to the ausearch line and you will get unprocessed lines. -Steve