On Friday 16 October 2009 06:25:42 pm Pittigher, Raymond - CS wrote:
> I see that the -w or --word switch was added to the ausearch but how is it
> used?

It is used in addition to other matching. If you were to try this search:
ausearch --start today -f va
it will match any file that has va anywhere in it - for example /var/run would
match. But if you change it to this:
ausearch --start today -f va -w
now, /var/run would no longer match. It would insist on the whole file path to
be va.

> But I have been trying
> ausearch -w failed and variations of that but only get the message

You would just use "ausearch -sv no" to find failed records. Some search
options do not do partial matches. The -w option does not take an argument.
-Steve
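
The matching behaviour described in the reply above, modelled over constructed audit records. This is an added example, not part of the original message and not ausearch's own code. The `search` function and its `file`, `word` and `success` parameters are hypothetical stand-ins for `-f`, `-w` and `-sv`.

```python
import re

# Constructed audit records (not from a real system), in raw audit.log format.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1255731900.101:201): arch=c000003e syscall=2 success=yes exit=3 comm="cat" exe="/bin/cat"
type=PATH msg=audit(1255731900.101:201): item=0 name="/var/run/utmp" inode=1201 mode=0100664
type=SYSCALL msg=audit(1255731905.332:202): arch=c000003e syscall=2 success=no exit=-13 comm="cat" exe="/bin/cat"
type=PATH msg=audit(1255731905.332:202): item=0 name="/etc/shadow" inode=778 mode=0100400
type=SYSCALL msg=audit(1255731910.008:203): arch=c000003e syscall=2 success=yes exit=3 comm="ls" exe="/bin/ls"
type=PATH msg=audit(1255731910.008:203): item=0 name="va" inode=4410 mode=040755
'''

EVENT_ID = re.compile(r'msg=audit\(\d+\.\d+:(\d+)\)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group raw records into events keyed by the audit serial number."""
    events = {}
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = [(k, v.strip('"')) for k, v in FIELD.findall(line)]
        events.setdefault(int(m.group(1)), []).append(fields)
    return events

def search(events, file=None, word=False, success=None):
    """Return serials of events that satisfy every filter that is set.

    file    -- models -f: substring match on name= unless word is True
    word    -- models -w: the whole name must equal the search string
    success -- models -sv: "yes" or "no", compared exactly
    """
    hits = []
    for serial, records in sorted(events.items()):
        names = [v for rec in records for k, v in rec if k == "name"]
        results = [v for rec in records for k, v in rec if k == "success"]
        if file is not None:
            match = (lambda n: n == file) if word else (lambda n: file in n)
            if not any(match(n) for n in names):
                continue
        if success is not None and success not in results:
            continue
        hits.append(serial)
    return hits

if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    print(search(ev, file="va"), search(ev, file="va", word=True), search(ev, success="no"))
```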