As I've reviewed the audit log of a system with audit 1.5.2 installed, I
discovered the format is something I wasn't used to, and performing a man
on auditd, auditctl, and a few others didn't help clarify anything.
Could someone please produce a sample audit log line or two and break down
what each piece means, or direct me to a web page that does so?
I had initially expected some form of date/time stamp, but looking at the
first set of decimal-separated digits couldn't help me decipher a
date/time.
Thanks for any assistance.
Scott
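The following is an added example, not part of the original post. It shows the layout auditd writes: each record starts with `type=` and `msg=audit(SECONDS.MILLISECONDS:SERIAL):`, where the first dotted number is a Unix epoch timestamp and the number after the colon is the event serial, followed by `key=value` fields. The sample line and the helper name `parse_audit_line` are constructed for illustration.

```python
import re
import shlex
from datetime import datetime, timezone

# Constructed sample record (not taken from the post).
SAMPLE = ('type=SYSCALL msg=audit(1200000000.123:4567): arch=c000003e '
          'syscall=2 success=yes exit=3 pid=2215 auid=500 uid=0 '
          'comm="cat" exe="/bin/cat" key="shadow-read"')

# type=<record type> msg=audit(<epoch seconds>.<milliseconds>:<serial>): <fields>
HEADER = re.compile(
    r'^type=(?P<type>\S+) msg=audit\('
    r'(?P<sec>\d+)\.(?P<ms>\d{3}):(?P<serial>\d+)\): ?(?P<body>.*)$')


def parse_audit_line(line):
    """Split one audit record into type, UTC time, serial and fields."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not an audit record: %r" % line)

    # The dotted number is seconds since 1970-01-01 UTC plus milliseconds.
    when = datetime.fromtimestamp(int(m.group("sec")), tz=timezone.utc)
    when = when.replace(microsecond=int(m.group("ms")) * 1000)

    # shlex keeps quoted values such as comm="my prog" as a single token.
    fields = {}
    for token in shlex.split(m.group("body")):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value

    return {
        "type": m.group("type"),
        "time": when,
        # Records that share a serial belong to the same event.
        "serial": int(m.group("serial")),
        "fields": fields,
    }


if __name__ == "__main__":
    rec = parse_audit_line(SAMPLE)
    print(rec["type"], rec["time"].isoformat(), "event", rec["serial"])
    for name, value in rec["fields"].items():
        print("  %-8s %s" % (name, value))
```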