I have removed the packages audit-2.4.1, audit-libs-2.4.1, audit-libs-devel-2,4,1 and SnareLinux and added via rpm audit-libs-1.0.14-1, audit-libs-1.0.4-1 and audit-1.0.14-1. The time field is still not readable when I used ausearch or aureport utilities.
Have I missed something? I am comparing the system to a known good system and they appear to be identical. All help is appreciated. Thanks, David A. Kirkwood SAIC [EMAIL PROTECTED] [EMAIL PROTECTED] -----Original Message----- From: Steve Grubb [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2008 11:13 AM To: [email protected] Cc: Kirkwood, David A. Subject: Re: Time field not readable On Monday 03 November 2008 10:50:05 Kirkwood, David A. wrote: > I have had the audit running on multiple system for some time using > auditctl version 1.0.14 and everything is working just the way I want > it. I have been given a RHEL4u4 system ( which is what the others are) > and it havs auditctl version 1.2.1. RHEL4 must use the audit tools from the 1.0.X series. There were many changes that cause incompatibility with anything newer. Yes, install the 1.0.14 copy and it should work better. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
