I am running audit-1.0.15-3.EL4 on a RHEL ES 4 system, fully patched. I am
trying to learn the meaning of the output of aureport. For example, if I
want to look at failed events, could you tell me what the following means?
That is, how do I know from this what is failing, and why?
[root@doggett ~]# /sbin/aureport -e --failed -ts yesterday 00:00:00 -te today 00:00:00
Event Report
===========================
# date time event type auid
===========================
1. 11/01/2007 12:00:00 AM 5844794 SYSCALL -1
TIA,
Bill Tangren