aureport header question
Steve Grubb
sgrubb at redhat.com
Wed Mar 31 14:32:57 UTC 2010
On Thursday 25 March 2010 10:35:57 pm LC Bruzenak wrote:
> Now see the issue I was trying to illustrate earlier (ending time of
> range in logs; there are definitely events there in that timeframe) :
> [root at audit tmp]# aureport -if audit-mirror/ -i --summary -ts
> yesterday -te 03/26/2010 00:00:00
aureport/search aborts processing an event if the parsing is wrong. There may
be some records with formats that do not match. You might try getting the logs
smaller and smaller until you get a few that reproduce the problem.
> And this is the issue I was questioning.
> Do you think it has been addressed already by possibly newer code than
> I have (1.7.16)?
1.7.17 is the latest. I don't think it addresses this issue.
-Steve
More information about the Linux-audit
mailing list