Re: aureport header question
On Thursday 25 March 2010 10:35:57 pm LC Bruzenak wrote:
Now see the issue I was trying to illustrate earlier (ending time of
range in logs; there are definitely events there in that timeframe) :
[root@audit tmp]# aureport -if audit-mirror/ -i --summary -ts
yesterday -te 03/26/2010 00:00:00
aureport/search aborts processing an event if the parsing is wrong. There may
be some records with formats that do not match. You might try getting the logs
smaller and smaller until you get a few that reproduce the problem.
And this is the issue I was questioning.
Do you think it has been addressed already by possibly newer code than
I have (1.7.16)?
1.7.17 is the latest. I don't think it addresses this issue.
-Steve