The kernel I am running is 2.6.9-42. I think the kernel may have been
tampered with. Doesn't Snare install require rebuilding the kernel with
traps for the audit to work? Also, I found the complete source tree in
/usr/RedHat and /usr/SRCS (at least there was a lot of code there).
David A. Kirkwood
SAIC
david.a.kirkwood(a)saic.com
kirkwoodd(a)saic.com
Phone: (727) 502-8310
Fax: (727) 822-7776
-----Original Message-----
From: linux-audit-bounces(a)redhat.com
[mailto:linux-audit-bounces@redhat.com] On Behalf Of Steve Grubb
Sent: Monday, November 03, 2008 4:46 PM
To: linux-audit(a)redhat.com
Cc: Kirkwood, David A.
Subject: Re: FW: Time field not readable
On Monday 03 November 2008 14:59:05 Kirkwood, David A. wrote:
> I have removed the packages audit-2.4.1, audit-libs-2.4.1,
> audit-libs-devel-2.4.1

I have no idea what those are. The latest RHEL4 audit package is 1.0.16
and RHEL5 is 1.6.5. My development copy is 1.7.9. You have a RHEL4 system
that is way out of whack since those are packages that I've never heard of. :)

> and SnareLinux and added via rpm audit-libs-1.0.14-1, audit-libs-1.0.4-1
> and audit-1.0.14-1. The time field is still not readable when I use
> ausearch or aureport utilities.

Updating the user space utilities means that from now on your logs will be
readable. Also, what kernel are you running? Are you running a real RHEL4
kernel?
-Steve
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
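The "time field not readable" symptom in the thread concerns the raw audit record header, which carries the event time as `msg=audit(<epoch>.<millis>:<serial>)`; `ausearch -i` and `aureport` translate that epoch into a human-readable date. The following is an added example, not code from the thread or from the audit project, that performs the same translation on constructed sample records so an administrator can check whether the records on disk carry a sane timestamp even when the installed user-space tools print it incorrectly. The sample log lines, the `%m/%d/%Y %H:%M:%S` output format (chosen to resemble `ausearch -i`) and the use of UTC instead of local time are all assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in the raw kernel audit format (not taken from the thread).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1225745105.123:4567): arch=40000003 syscall=5 success=yes exit=3 a0=bfd2c3a4 uid=0 comm="cat" exe="/bin/cat"
type=USER_LOGIN msg=audit(1225745200.001:4568): user pid=2345 uid=0 auid=500 msg='acct="dave": exe="/usr/sbin/sshd" res=success'
this line has no audit header and is skipped
"""

# Header shared by every audit record: msg=audit(<epoch seconds>.<milliseconds>:<serial>)
AUDIT_HDR = re.compile(r'msg=audit\((\d+)\.(\d+):(\d+)\)')


def parse_audit_header(line):
    """Return (epoch_seconds, millis, serial) from a raw audit record, or None if absent."""
    m = AUDIT_HDR.search(line)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def readable_time(epoch, millis):
    """Render the epoch timestamp in a form resembling ausearch -i output (UTC, an assumption)."""
    dt = datetime.fromtimestamp(epoch, tz=timezone.utc)
    return dt.strftime("%m/%d/%Y %H:%M:%S") + ".%03d" % millis


def interpret(log_text):
    """Yield (serial, readable time, record type) for each record that has a valid header."""
    events = []
    for line in log_text.splitlines():
        hdr = parse_audit_header(line)
        if hdr is None:
            continue  # not an audit record; ausearch would likewise ignore it
        epoch, millis, serial = hdr
        rec_type = line.split()[0].partition("=")[2]
        events.append((serial, readable_time(epoch, millis), rec_type))
    return events


if __name__ == "__main__":
    for serial, when, rec_type in interpret(SAMPLE_LOG):
        print("%s %d %s" % (when, serial, rec_type))
```

If this prints sensible dates for records that the installed `ausearch` shows as unreadable, the records themselves are intact and the problem lies in the user-space tools, which is the direction Steve's advice about updating the utilities points.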