On Wednesday 03 May 2006 13:21, Kirkwood, David A wrote: > I don't see any timestamps on audit events. How can I bracket events > between to dates /times?
The ausearch utility was created to view the audit records. It extracts that information from the event. Can you give that a try? ausearch -ts 1:00:00 -i (This also assumes you have the audit daemon running.) -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
