On Friday 16 November 2007 10:54:40 Bill Tangren wrote: > The reports always cover the entire range of available logs (sometimes > gigabytes of data). The reports can take a LONG time to compile, and it > doesn't give me the daily snapshot I need.
Use the -ts and -te commandline options to limit the report range. It requires the date format to be correct for your locale - iow date "+%x %T". The older version does not support words like today or yesterday. > I'm thinking of installing the latest tarball and compiling, as I understand > more recent versions of aureport have implemented time limits. The older one does, too. > My question now is, is it possible to uninstall the prepackaged audit and > audit-lib, and install the latest from source, without seriously hosing my > system? No, it will not work. RHEL4 (and derivatives) has to use the 1.0.X series of audit packages. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
