Re: auditing for RHEL ES4
On Friday 16 November 2007 10:54:40 Bill Tangren wrote:
The reports always cover the entire range of available logs
(sometimes
gigabytes of data). The reports can take a LONG time to compile, and it
doesn't give me the daily snapshot I need.
Use the -ts and -te commandline options to limit the report range. It requires
the date format to be correct for your locale - iow date "+%x %T". The
older version does not support words like today or yesterday.
I'm thinking of installing the latest tarball and compiling, as I
understand
more recent versions of aureport have implemented time limits.
The older one does, too.
My question now is, is it possible to uninstall the prepackaged audit
and
audit-lib, and install the latest from source, without seriously hosing my
system?
No, it will not work. RHEL4 (and derivatives) has to use the 1.0.X series of
audit packages.
-Steve