From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: Output of aureport in columns
Date: Fri, 13 Jul 2012 13:19:03 -0400
Message-ID: <2352920.5LKTSJ9IQJ@x2>
References: <1342124785.2463.15.camel@debian.domain_name>
	<1493625.F4rznPhkvU@x2>
	<1342199340.2555.6.camel@debian.domain_name>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <1342199340.2555.6.camel@debian.domain_name>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Friday, July 13, 2012 01:09:00 PM Michael Mather wrote:
> Yes, Steve, adding --raw works beautifully. Thanks.
> 
> Now, where can I find a tutorial that might have taught me this?

There is some discussion of this in the audit.rules man page under the section 
NOTES. There was also an article about using the audit system to debug the 
whole OS at once. The article gives some examples of stringing together 
searches and reports:

http://magazine.hitb.org/issues/HITB-Ezine-Issue-005.pdf


> And is there a way to search this list?

You can use Google and the site operator to restrict the results:

site:www.redhat.com ausearch raw
 
-Steve