Whenever I review audit logs, it is difficult for me to determine if an
account was logged in at an usual day/time because there is no timestamp
next to any entry, at least as I interpret the format. How, then do I
properly and successfully review the audit log entries based on a
date/time stamp?
Also, how can I filter out root and sudo account entries, displaying
everyone else in audit?
Thanks.
Scott
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos