Whenever I review audit logs, it is difficult for me to determine if an account was logged in at an usual day/time because there is no timestamp next to any entry, at least as I interpret the format. How, then do I properly and successfully review the audit log entries based on a date/time stamp? Also, how can I filter out root and sudo account entries, displaying everyone else in audit? Thanks. Scott