
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2022-11-28 at 15:03 -0500, Joe Salmeri wrote:
Hi Carlos,
Wow, what a find! Thanks, Joe. .. msg=audit(30/09/22 13:32:02.446:6930) ...>> Pity it doesn't print in ISO format. Tried:
Glad it was useful.
I noticed that your timestamps were coming out in dd/mm/yy format
When I run it the come out in mm/dd/yyyy format.
msg=audit(11/28/22 14:47:53.162:1143)
I don't have LC_TIME set but LC_CTYPE is set to 'en_US.UTF-8'. I tried setting LC-CTYPE to your value but my results still came out the same as above.
No change here: Telcontar:~ # LC_TIME=es_ES.UTF-8 LC_CTYPE=es_ES.UTF-8 ausearch -i | head -2 - ---- type=USER_START msg=audit(30/09/22 13:32:02.446:6930) : pid=30401 uid=root auid=news ses=796 subj==unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_systemd,pam_limits,pam_unix,pam_umask,pam_gnome_keyring acct=news exe=/usr/sbin/cron hostname=? addr=? terminal=cron res=success' Telcontar:~ # LC_TIME=es_ES.UTF-8 LC_CTYPE=es_ES.UTF-8 ausearch -i | head -2 - ---- type=USER_START msg=audit(30/09/22 13:32:02.446:6930) : pid=30401 uid=root auid=news ses=796 subj==unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_systemd,pam_limits,pam_unix,pam_umask,pam_gnome_keyring acct=news exe=/usr/sbin/cron hostname=? addr=? terminal=cron res=success' Telcontar:~ # Telcontar:~ # LC_TIME=es_ES.UTF-8 LC_CTYPE=en_DK.UTF-8 ausearch -i | head -2 - ---- type=USER_START msg=audit(30/09/22 13:32:02.446:6930) : pid=30401 uid=root auid=news ses=796 subj==unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_systemd,pam_limits,pam_unix,pam_umask,pam_gnome_keyring acct=news exe=/usr/sbin/cron hostname=? addr=? terminal=cron res=success' Telcontar:~ # Where does it take the date format from? Ah, GOT IT! Telcontar:~ # LC_TIME=en_DK.UTF-8 LC_CTYPE=en_DK.UTF-8 ausearch -i | head -2 - ---- type=USER_START msg=audit(2022-09-30 13:32:02.446:6930) : pid=30401 uid=root auid=news ses=796 subj==unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_systemd,pam_limits,pam_unix,pam_umask,pam_gnome_keyring acct=news exe=/usr/sbin/cron hostname=? addr=? terminal=cron res=success' Telcontar:~ # and: Telcontar:~ # LC_TIME=en_DK.UTF-8 ausearch -i | head -2 - ---- type=USER_START msg=audit(2022-09-30 13:32:02.446:6930) : pid=30401 uid=root auid=news ses=796 subj==unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_systemd,pam_limits,pam_unix,pam_umask,pam_gnome_keyring acct=news exe=/usr/sbin/cron hostname=? addr=? terminal=cron res=success' Telcontar:~ # The other day it did not work, perhaps I did some foo.
Since you are getting a different format than I am though it leads me to believe that there must be some other setting which it is using which would get your desired result I just don't know what it is.
FYI, -i also converts uuid to account names.
AH :-) - -- Cheers, Carlos E. R. (from openSUSE 15.3 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCY4UXIRwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVkdYAmgLgS2X7BW06NautX6f4 29hoi6QLAJ4oAR+B1YLevIAl3o7kIH8H6k4GfQ== =8b8g -----END PGP SIGNATURE-----