From mboxrd@z Thu Jan  1 00:00:00 1970
From: LC Bruzenak <lenny@magitekltd.com>
Subject: Re: ausearch
Date: Fri, 03 Jan 2014 08:05:35 -0600
Message-ID: <52C6C3AF.3070109@magitekltd.com>
References: <OFB1132B08.18F56C97-ON85257C55.004C905D-85257C55.004CBB41@us.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx13.extmail.prod.ext.phx2.redhat.com
	[10.5.110.18])
	by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id s03E5dOD018196
	for <linux-audit@redhat.com>; Fri, 3 Jan 2014 09:05:40 -0500
Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com
	[209.85.219.44])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s03E5bra024707
	for <linux-audit@redhat.com>; Fri, 3 Jan 2014 09:05:38 -0500
Received: by mail-oa0-f44.google.com with SMTP id m1so16106632oag.17
	for <linux-audit@redhat.com>; Fri, 03 Jan 2014 06:05:37 -0800 (PST)
Received: from [192.168.31.11] (108-252-2-157.lightspeed.austtx.sbcglobal.net.
	[108.252.2.157])
	by mx.google.com with ESMTPSA id cx7sm84483168oeb.4.2014.01.03.06.05.36
	for <linux-audit@redhat.com>
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Fri, 03 Jan 2014 06:05:36 -0800 (PST)
In-Reply-To: <OFB1132B08.18F56C97-ON85257C55.004C905D-85257C55.004CBB41@us.ibm.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On 01/03/2014 07:58 AM, David Flatley wrote:
>     When running "ausearch -i", does this read both
> the /var/log/audit/audit.log and the rotated log files in the same
> directory? Thanks.
It does, unless you specify the "-if <FILE>" option.
Remember: if called from a cron script, use the "--input-logs" option.

LCB

-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com