[CentOS] Interpreting audit logs?

Scott Ehrlich scott at MIT.EDU
Sun Oct 28 15:39:16 UTC 2007

Whenever I review audit logs, it is difficult for me to determine if an 
account was logged in at an usual day/time because there is no timestamp 
next to any entry, at least as I interpret the format.   How, then do I 
properly and successfully review the audit log entries based on a 
date/time stamp?

Also, how can I filter out root and sudo account entries, displaying 
everyone else in audit?



More information about the CentOS mailing list