OK, let me try again.
1st summarize all in the dir (minor - time precision varies on report
time start/ends):
[root@audit tmp]# aureport -if audit-mirror/ -i --summary
Summary Report
======================
Range of time in logs: 03/23/2010 16:30:17.279 - 03/26/2010 01:58:02.255
Selected time for report: 03/23/2010 16:30:17 - 03/26/2010 01:58:02.255
...
2nd see events from yesterday through now (range of time in logs isn't
accurate as shown above; same files are there):
[root@audit tmp]# aureport -if audit-mirror/ -i --summary -ts
yesterday -te today
Summary Report
======================
Range of time in logs: 03/25/2010 00:01:01.519 - 03/26/2010 01:58:02.255
Selected time for report: 03/25/2010 00:00:00 - 03/26/2010 01:58:53
...
Now see the issue I was trying to illustrate earlier (ending time of
range in logs; there are definitely events there in that timeframe) :
[root@audit tmp]# aureport -if audit-mirror/ -i --summary -ts
yesterday -te 03/26/2010 00:00:00
Summary Report
======================
Range of time in logs: 03/25/2010 00:01:01.519 - 01/01/1970 00:00:00.000
Selected time for report: 03/25/2010 00:00:00 - 03/26/2010 00:00:00
Number of changes in configuration: 234
Number of changes to accounts, groups, or roles: 0
Number of logins: 7
Number of failed logins: 146
...
And this is the issue I was questioning.
Do you think it has been addressed already by possibly newer code than
I have (1.7.16)?
Thx,
LCB.
--
LC (Lenny) Bruzenak