I am running audit-1.0.15-3.EL4 on a RHEL ES 4 system, fully patched. I am trying to learn the meaning of the output of aureport. For example, if I want to look at failed events, could you tell me what the following means? That is, how do I know from this what is failing, and why?
[EMAIL PROTECTED] ~]# /sbin/aureport -e --failed -ts yesterday 00:00:00 -te today 00:00:00 Event Report =========================== # date time event type auid =========================== 1. 11/01/2007 12:00:00 AM 5844794 SYSCALL -1 TIA, Bill Tangren -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
