Here is my report:

[EMAIL PROTECTED] audit]# aureport --summary

Summary Report
======================
Range of time in logs: 05/27/2008 12:04:31.669 - 05/28/2008 18:14:56.100
Selected time for report: 05/27/2008 12:04:31 - 05/28/2008 18:14:56.100
Number of changes in configuration: 174
Number of changes to accounts, groups, or roles: 0
Number of logins: 5
Number of failed logins: 1
Number of authentications: 25
Number of failed authentications: 1
Number of users: 2
Number of terminals: 16
Number of host names: 8
Number of executables: 114
Number of files: 19536
Number of AVC's: 1007
Number of MAC events: 25
Number of failed syscalls: 1283
Number of anomaly events: 107
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of keys: 14
Number of process IDs: 1473
Number of events: 37218

IIUC the last line - number of events - should be the sum of all the previous. However, adding up the events (barring OE) before that comes to 23791.

I guess there are overlaps too - for example, the keys are possibly also in syscall events? Are some events missing on purpose?

Thx,
LCB.

--
LC (Lenny) Bruzenak
[EMAIL PROTECTED]
