Bug 224628 - "-ts today 11:15:00" causes error message
"-ts today 11:15:00" causes error message
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: audit (Show other bugs)
4.4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Steve Grubb
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-26 14:24 EST by Steve Grubb
Modified: 2007-11-16 20:14 EST (History)
0 users

See Also:
Fixed In Version: RHBA-2007-0285
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-07 19:56:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Steve Grubb 2007-01-26 14:24:12 EST
+++ This bug was initially created as a clone of Bug #191394 +++

Description of problem:
# ausearch -m avc -if audit.log -te now -ts today 11:15:00
Invalid start date (today). Month, Day, and Year are required.

(Note that '-ts 11:15:00' and letting it default to "today" *works*)

However, the manpage for ausearch says:
 -ts [start date] [start time]
              Search for events with time stamps equal to or after  the  given
              end  time. The format of end time depends on your locale. If the
              date is omitted, today is assumed. If the time is omitted,  mid-
              night is assumed. Use 24 hour clock time rather than AM or PM to
              specify time. An example date is 10/24/2005. An example of  time
              is  18:00:00. You may also use the word: now, today, and yester-
              day. Today means starting at 1 second after midnight.  Yesterday
              is 1 second after midnight the previous day.


Version-Release number of selected component (if applicable):
audit-1.2.1-2

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

-- Additional comment from sgrubb@redhat.com on 2006-05-12 08:24 EST --
today is a full time specification, meaning that it translates to 05/12/2006
00:00:01. So, doing -ts today 11:15:00 is the same as doing 05/12/2006 00:00:01
11:15:00, which is an error. I should probably cleanup the error messages and
update documentation. If you had wanted 11:15:00 on today's date, you only need
to enter the time and today's date is assumed.

-- Additional comment from zing@fastmail.fm on 2006-06-27 11:49 EST --
Could you also clarify whether the -ts option requires at least one of either
the time or date?

It is a confusing that -te can be used without any time specifications, but -ts
requires at least one time specification of date or time.  At least, this is
what I see on FC5:

$ ausearch -ts
-ts requires either date and/or time

It would be nice, and, IMO, expected to have -ts work like -te.

-- Additional comment from sgrubb@redhat.com on 2006-09-19 10:23 EST --
This was fixed in audit-1.2.7 and will be pushed into rawhide, FC-6, and FC-5.
Thanks for the suggestion.
Comment 6 Red Hat Bugzilla 2007-05-07 19:56:02 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0285.html

Note You need to log in before you can comment on or make changes to this bug.