On Friday 02 November 2007 12:21:26 pm Bill Tangren wrote: > Event Report > =========================== > # date time event type auid > =========================== > 1. 11/01/2007 12:00:00 AM 5844794 SYSCALL -1
The event report is to give you an idea about the distribution of events occurring on your system. In this case, its a syscall that is failing. To see the actual record, use "ausearch -ts 11/01/2007 12:00:00 -te 11/01/2007 12:00:01 -a 5844794 -i" -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
