From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Bill Tangren" <bjt@usno.navy.mil>
Subject: (no subject)
Date: Fri, 2 Nov 2007 12:21:26 -0400 (EDT)
Message-ID: <32451.72.245.24.113.1194020486.squirrel@aa.usno.navy.mil>
Mime-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id lA2GLWlO031721
	for <linux-audit@redhat.com>; Fri, 2 Nov 2007 12:21:32 -0400
Received: from aa.usno.navy.mil (beatrix.usno.navy.mil [198.116.61.254])
	by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id lA2GLVAN023910
	for <Linux-audit@redhat.com>; Fri, 2 Nov 2007 12:21:32 -0400
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Linux-audit@redhat.com
List-Id: linux-audit@redhat.com

I am running audit-1.0.15-3.EL4 on a RHEL ES 4 system, fully patched. I a=
m
trying to learn the meaning of the output of aureport. For example, if I
want to look at failed events, could you tell me what the following means=
?
That is, how do I know from this what is failing, and why?



[root@doggett ~]# /sbin/aureport -e --failed -ts yesterday 00:00:00 -te
today 00:00:00

Event Report
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
# date time event type auid
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
1. 11/01/2007 12:00:00 AM 5844794 SYSCALL -1



TIA,
Bill Tangren