ausearch discrepancies?
LC Bruzenak
lenny at magitekltd.com
Fri Jun 5 12:38:34 UTC 2009
On Fri, 2009-06-05 at 07:53 -0400, Joshua Roys wrote:
> On 06/04/2009 08:37 PM, LC Bruzenak wrote:
>
> Yep, the man page says that if you don't specify the time (and by time,
> it means the hh:mm:ss part of the date-time) it chooses now.
>
> -te, --end [end-date] [end-time]
> Search for events with time stamps equal to or before
> the given end time. The format of end time depends on your locale. If
> the date is omitted,
> today is assumed. *If the time is omitted, now is
> assumed.* Use 24 hour clock time rather than AM or PM to specify
> time. An example date is
> 10/24/2005. An example of time is 18:00:00.
>
> Joshua Roys
OH! I wondered why the last event for yesterday seemed strangely close
to today's time. It didn't occur to me that today's time would matter on
a date in the past.
Thank you! I appreciate the clarification.
LCB.
--
LC (Lenny) Bruzenak
lenny at magitekltd.com
More information about the Linux-audit
mailing list