From: LC Bruzenak
Subject: Re: ausearch discrepancies?
Date: Fri, 05 Jun 2009 07:38:34 -0500
To: Joshua Roys
Cc: Linux Audit

On Fri, 2009-06-05 at 07:53 -0400, Joshua Roys wrote:
> On 06/04/2009 08:37 PM, LC Bruzenak wrote:
>
> Yep, the man page says that if you don't specify the time (and by time,
> it means the hh:mm:ss part of the date-time) it chooses now.
>
> -te, --end [end-date] [end-time]
>     Search for events with time stamps equal to or before the given
>     end time. The format of end time depends on your locale. If the
>     date is omitted, today is assumed. *If the time is omitted, now is
>     assumed.* Use 24 hour clock time rather than AM or PM to specify
>     time. An example date is 10/24/2005. An example of time is 18:00:00.
>
> Joshua Roys

OH!
I wondered why the last event for yesterday seemed strangely close to
today's time. It didn't occur to me that today's time would matter on a
date in the past.

Thank you! I appreciate the clarification.

LCB.

-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com
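
Added example, not part of the original message and not ausearch's own code: a small Python model of the `-te` defaulting rule quoted above from the man page, showing which events a date-only `-te` drops when searching a past day and the explicit-time arguments that avoid it. The clock time, the event timestamps and the MM/DD/YYYY date format are constructed assumptions.

```python
from datetime import datetime, date, time

def resolve_end(now, end_date=None, end_time=None):
    """Model of the quoted rule: omitted date -> today, omitted time -> now."""
    d = end_date if end_date is not None else now.date()
    t = end_time if end_time is not None else now.time()
    return datetime.combine(d, t)

def missed_events(events, now, day):
    """Events on `day` that a date-only -te leaves out of the result."""
    implicit = resolve_end(now, end_date=day)  # time defaults to now
    explicit = resolve_end(now, end_date=day, end_time=time(23, 59, 59))
    return [e for e in events if implicit < e <= explicit]

def full_day_args(day):
    """ausearch arguments with both clock times spelled out.
    Assumes a locale that uses MM/DD/YYYY, as in the man page example."""
    s = day.strftime("%m/%d/%Y")
    return ["-ts", s, "00:00:00", "-te", s, "23:59:59"]

# Constructed sample data: the search is run the next morning.
NOW = datetime(2009, 6, 5, 7, 38, 34)
DAY = date(2009, 6, 4)
EVENTS = [
    datetime(2009, 6, 4, 6, 15, 0),
    datetime(2009, 6, 4, 7, 30, 12),
    datetime(2009, 6, 4, 14, 2, 45),
    datetime(2009, 6, 4, 23, 58, 1),
]

if __name__ == "__main__":
    print("date-only -te resolves to:", resolve_end(NOW, end_date=DAY))
    for e in missed_events(EVENTS, NOW, DAY):
        print("missed:", e)
    print("use: ausearch", " ".join(full_day_args(DAY)))
```

For audit review scripts that report on a previous day, passing both times explicitly keeps the result independent of when the script happens to run.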