[CentOS] Interpreting audit logs?
scott at MIT.EDU
Sun Oct 28 15:39:16 UTC 2007
Whenever I review audit logs, it is difficult for me to determine if an
account was logged in at an usual day/time because there is no timestamp
next to any entry, at least as I interpret the format. How, then do I
properly and successfully review the audit log entries based on a
Also, how can I filter out root and sudo account entries, displaying
everyone else in audit?
More information about the CentOS