From: LC Bruzenak
Subject: aureport summary
Date: Wed, 28 May 2008 18:27:45 -0500
Message-ID: <1212017265.6610.56.camel@homeserver>
To: Linux Audit
List-Id: linux-audit@redhat.com

Here is my report:

[root@hugo audit]# aureport --summary

Summary Report
======================
Range of time in logs: 05/27/2008 12:04:31.669 - 05/28/2008 18:14:56.100
Selected time for report: 05/27/2008 12:04:31 - 05/28/2008 18:14:56.100
Number of changes in configuration: 174
Number of changes to accounts, groups, or roles: 0
Number of logins: 5
Number of failed logins: 1
Number of authentications: 25
Number of failed authentications: 1
Number of users: 2
Number of terminals: 16
Number of host names: 8
Number of executables: 114
Number of files: 19536
Number of AVC's: 1007
Number of MAC events: 25
Number of failed syscalls: 1283
Number of anomaly events: 107
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of keys: 14
Number of process IDs: 1473
Number of events: 37218

IIUC the last line - number of events - should be the sum of all the
previous. However, adding up the events (barring OE) before that comes
to 23791.

I guess there are overlaps too - for example, the keys are possibly also
in syscall events?

Are some events missing on purpose?

Thx,
LCB.

-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com