From: "Bill Tangren"
Subject: auditing for RHEL ES4
Date: Fri, 16 Nov 2007 10:54:40 -0500 (EST)
Message-ID: <4558.10.1.5.75.1195228480.squirrel@aa.usno.navy.mil>
To: linux-audit@redhat.com

I'm running RHEL ES 4 servers, and am having difficulty with aureport. I'm using audit version 1.0.15-3, the one that comes with the OS.

The problem is that I need daily reports, and it is not doing it. The reports always cover the entire range of available logs (sometimes gigabytes of data). The reports can take a LONG time to compile, and it doesn't give me the daily snapshot I need.

I'm thinking of installing the latest tarball and compiling, as I understand more recent versions of aureport have implemented time limits. [I've emailed this list before about this.]

My question now is, is it possible to uninstall the prepackaged audit and audit-lib, and install the latest from source, without seriously hosing my system?

TIA,

-- 
Bill Tangren
U.S. Naval Observatory