Red Hat Enterprise Linux 5 Administration Unleashed

518CHAPTER 25Linux Auditing SystemTo produce results in more human-readable format such as replacing UIDs with theusernames they map to, also use the -i option:aureport - -iTo display the start and stop times for each log, add the -t option:aureport - -i -tTo display events equal to or before a specific time, add the -te option followed by enddate and end time. Use the numerical format for the date and time for your locale, andspecify the time in the 24-hour format. For example, for the en_us.UTF-8 locale, use thedate format MM/DD/YY:aureport - -i -te To display events equal to or after a specific time, add the -ts option followed by startdate and time. The same date and time formatting rules apply as the ones for the -teoption:aureport - -i -ts To display only failed events use --failed; notice this option is prefixed with two dashesinstead of one:aureport - -i --failedTo display only successful events use --success; notice this option is prefixed with twodashes instead of one:aureport - -i --successSome reports can also be generated in a summary format with the --summary option;notice this option is prefixed with two dashes instead of one:aureport - -i --summaryTo produce a main summary report instead of one about one area, use the -r option:aureport -r -iTo produce reports from a log file other than the default, specify it with the -if option:aureport - -i -if /var/log/audit/audit.log.1Searching the RecordsIn addition to generating event reports and summaries with aureport, administrators canalso search the audit records with ausearch. As root, execute the ausearch commandfollowed by one or more options from Table 25.3. If more than one option is specified,