> On Friday 16 November 2007 10:54:40 Bill Tangren wrote:
>> The reports always cover the entire range of available logs (sometimes
>> gigabytes of data). The reports can take a LONG time to compile, and it
>> doesn't give me the daily snapshot I need.
>
> Use the -ts and -te commandline options to limit the report range. It
> requires the date format to be correct for your locale - iow date "+%x %T".
> The older version does not support words like today or yesterday.
>
I now have time to work on this. I did this for an example:

[EMAIL PROTECTED] ~]# aureport -ts `date "+%x 16:00:00"`

Summary Report
======================
Range of time: 12/12/2007 00:33:26.629 - 12/26/2007 16:08:11.825
Number of changes in configuration: 0
Number of changes to accounts or groups: 0
Number of logins: 0
Number of failed logins: 0
Number of users: 2
Number of terminals: 1
Number of host names: 1
Number of executables: 8
Number of files: 11
Number of AVC denials: 0
Number of failed syscalls: 10
Number of watched file events: 36
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of process IDs: 14
Number of events: 65

[EMAIL PROTECTED] ~]# aureport -ts `date "+%x 00:00:00"`

Summary Report
======================
Range of time: 12/12/2007 00:33:26.629 - 12/26/2007 16:08:26.817
Number of changes in configuration: 0
Number of changes to accounts or groups: 0
Number of logins: 1
Number of failed logins: 0
Number of users: 2
Number of terminals: 3
Number of host names: 2
Number of executables: 54
Number of files: 225
Number of AVC denials: 0
Number of failed syscalls: 834
Number of watched file events: 1550
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of process IDs: 651
Number of events: 3388

[EMAIL PROTECTED] ~]#

Notice that the range times are the same for both examples, but the other
results are different. Is there a problem with the range times?

--
Bill Tangren
U.S. Naval Observatory

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
