Bug 398201
Summary: | auditd does not time stamp log entries in /var/log/audit/audit.log | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | william hanlon <whanlon> |
Component: | audit | Assignee: | Steve Grubb <sgrubb> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | 8 | | |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2007-11-26 14:03:30 UTC | Type: | --- |
Description
william hanlon
2007-11-25 08:19:31 UTC
The timestamps are already in the events - but encoded. The ausearch program is the audit log viewer. It will extract the timestamp from the events and display it for you. The '-i' option will do further interpretation. If you have done something recent and want to see the avcs, use:

    ausearch --start recent -m avc -i | less

If you can see the timestamps through ausearch, I'll go ahead and close this bug report. Thanks.

I used ausearch as you recommended and I can now see the times.

Closing bug report as mentioned above. If you have any questions about audit feel free to contact myself or linux-audit mail list.
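
An added illustration, not part of the bug thread and not the audit project's own code: each raw record in audit.log carries its time as `msg=audit(<epoch seconds>.<milliseconds>:<serial>)`, which is the encoded timestamp the thread refers to. The Python below decodes that field to UTC and groups records that share a stamp into one event; the sample records and all function names are constructed for this example.

```python
import re
from datetime import datetime, timezone

# Record prefix: type=<TYPE> msg=audit(<epoch seconds>.<milliseconds>:<serial>):
AUDIT_STAMP = re.compile(
    r"^type=(?P<type>\S+)\s+msg=audit\((?P<sec>\d+)\.(?P<ms>\d{3}):(?P<serial>\d+)\):"
)

# Constructed sample records (not taken from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1195978771.482:301): avc:  denied  { read } for  pid=2417 comm="httpd" name="index.html" tclass=file
type=SYSCALL msg=audit(1195978771.482:301): arch=40000003 syscall=5 success=no exit=-13 pid=2417 comm="httpd"
type=USER_AUTH msg=audit(1195980000.007:302): user pid=2500 uid=0 msg='PAM: authentication acct="root" res=failed'
this line is not an audit record
"""

def decode_record(line):
    """Return type, UTC time and serial for one raw record, or None if it does not parse."""
    m = AUDIT_STAMP.match(line)
    if m is None:
        return None
    when = datetime.fromtimestamp(int(m["sec"]), tz=timezone.utc)
    when = when.replace(microsecond=int(m["ms"]) * 1000)
    return {"type": m["type"], "time": when, "serial": int(m["serial"])}

def group_events(text):
    """Group records by (time, serial); records sharing that pair belong to one event."""
    events, skipped = {}, 0
    for line in text.splitlines():
        rec = decode_record(line)
        if rec is None:
            skipped += 1  # count unparseable lines instead of dropping them silently
            continue
        events.setdefault((rec["time"], rec["serial"]), []).append(rec["type"])
    return events, skipped

def render(text):
    """One human-readable line per event, in time order."""
    events, _ = group_events(text)
    return [
        f"{when.isoformat(timespec='milliseconds')} event={serial} types={','.join(types)}"
        for (when, serial), types in sorted(events.items())
    ]

if __name__ == "__main__":
    for line in render(SAMPLE_LOG):
        print(line)
```
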