3 Sep
2014
3 Sep
'14
22:46
Am 03.09.2014 09:44, schrieb Marcus Meissner:
On Tue, Sep 02, 2014 at 06:22:47PM +0200, pinguin74 wrote:
Hello,
it seems events in audit.log do not have time stamps. This makes analyzing events a bit uncomfortable I think.
Can you make the audit system somehow to add a time stamp to logged events? Just like in /var/log/messages.
It is there ... :)
type=AVC msg=audit(1409728889.981:41): apparmor="STATUS" operation="profile_load" name="/usr/share/gitweb/gitweb.cgi" pid=655 comm="apparmor_parser"
The timestamp is 1409728889.981
$ date --date="@1409728889.981" Wed Sep 3 09:21:29 CEST 2014
Is this their goal, to make reading the log file as hard as possible? Why not encrypt it with AES to be sure you can´t read it.....