* Chronological audit logs
@ 2006-11-28 21:06 Kirkwood, David A
2006-11-28 21:20 ` Stephen Smalley
2006-11-28 21:36 ` Steve Grubb
0 siblings, 2 replies; 3+ messages in thread
From: Kirkwood, David A @ 2006-11-28 21:06 UTC (permalink / raw)
To: Linux-audit
Can someone tell me how I can generate a chronological listing between 2
dates of all the issues I have designated to watch in the audit
capabilities of the system? I need to get a system with audit capability
sufficiently palatable to the Defense Department for classified use. I
currently use Sun workstations and generate the audit logs via praudit
and was looking for some way to set up similar archived weekly audit
logs.
Thanks,
David A. Kirkwood
SAIC
david.a.kirkwood@saic.com
kirkwoodd@saic.com
Phone: (727) 502-8310
Fax: (727) 822-7776
* Re: Chronological audit logs
From: Stephen Smalley @ 2006-11-28 21:20 UTC (permalink / raw)
To: Kirkwood, David A; +Cc: Linux-audit
On Tue, 2006-11-28 at 16:06 -0500, Kirkwood, David A wrote:
> Can someone tell me how I can generate a chronological listing between
> 2 dates of all the issues I have designated to watch in the audit
> capabilities of the system?
/sbin/ausearch -i -ts "starting date" -te "ending date"
And of course you can use the other options of ausearch to refine that
listing as desired.
> I need to get a system with audit capability sufficiently palatable to
> the Defense Department for classified use. I currently use Sun
> workstations and generate the audit logs via praudit and was looking
> for some way to set up similar archived weekly audit logs.
--
Stephen Smalley
National Security Agency
* Re: Chronological audit logs
From: Steve Grubb @ 2006-11-28 21:36 UTC (permalink / raw)
To: linux-audit; +Cc: Kirkwood, David A
On Tuesday 28 November 2006 16:06, Kirkwood, David A wrote:
> Can someone tell me how I can generate a chronological listing between 2
> dates of all the issues I have designated to watch in the audit capabilities
> of the system?
ausearch -ts date1 -te date2
> I currently use Sun workstations and generate the audit logs via praudit and
> was looking for some way to set up similar archived weekly audit logs.
You would need to set up a cron job to do the weekly rotation if that is what
you want. There is a sample cron script, auditd.cron, that you can use as a
starting point. The normal rotation is by size in order to fit more data onto
your drives.
-Steve
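
Added example (not part of the thread, and not the auditd.cron sample script mentioned above): a cron-able shell script that writes the previous seven days of audit records to a dated report, using the ausearch -i -ts/-te search from the replies. The archive directory, the file naming, the --run switch and the reliance on GNU date are assumptions.

```shell
#!/bin/sh
# Added example: weekly chronological audit report for cron.
# Assumed, not from the thread: ARCHIVE_DIR, the file naming, GNU date.
# Example crontab entry (root):  5 0 * * 0  /usr/local/sbin/audit-weekly.sh --run
AUSEARCH=${AUSEARCH:-/sbin/ausearch}
ARCHIVE_DIR=${ARCHIVE_DIR:-/var/log/audit/weekly}

# Format epoch $1 with strftime pattern $2 in the C locale.
fmt() { LC_ALL=C date -d "@$1" "+$2"; }

# Epoch of noon on day $1 (YYYY-MM-DD); stepping from noon keeps the
# 7-day offset on the right calendar day across DST changes.
noon_of() { date -d "$1 12:00" +%s; }

# Print "START END" for the 7 days ending on day $1. ausearch parses dates in
# the locale's format, so use %x under the same locale the search runs with.
week_window() {
    n=$(noon_of "$1") || return 1
    echo "$(fmt "$((n - 7 * 86400))" %x) $(fmt "$n" %x)"
}

# ISO dates in the file name so that archives sort chronologically.
archive_name() {
    n=$(noon_of "$1") || return 1
    echo "audit-$(fmt "$((n - 7 * 86400))" %Y%m%d)-$(fmt "$n" %Y%m%d).txt"
}

archive_week() {
    day=${1:-$(date +%F)}
    win=$(week_window "$day") || return 1
    out="$ARCHIVE_DIR/$(archive_name "$day")"
    umask 077                               # audit data: owner-only files
    mkdir -p "$ARCHIVE_DIR" || return 1
    # The search from the replies above: interpreted (-i) records between two dates.
    LC_ALL=C "$AUSEARCH" -i -ts "${win% *}" 00:00:00 -te "${win#* }" 00:00:00 \
        > "$out.tmp"
    # Keep only a non-empty report; a failed or empty search leaves no file
    # behind and returns non-zero.
    [ -s "$out.tmp" ] || { rm -f "$out.tmp"; return 1; }
    mv "$out.tmp" "$out"
}

if [ "${1:-}" = "--run" ]; then archive_week; fi
```

ausearch can only report on logs that are still on disk, so size-based rotation has to retain at least a week of data for the weekly report to be complete.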