Mailinglist Archive: opensuse-security (51 mails)

< Previous Next >
Re: [opensuse-security] No time stamps in audit.log?
Am 03.09.2014 09:44, schrieb Marcus Meissner:
On Tue, Sep 02, 2014 at 06:22:47PM +0200, pinguin74 wrote:
Hello,

it seems events in audit.log do not have time stamps. This makes
analyzing events a bit uncomfortable I think.

Can you make the audit system somehow to add a time stamp to logged
events? Just like in /var/log/messages.

It is there ... :)

type=AVC msg=audit(1409728889.981:41): apparmor="STATUS"
operation="profile_load" name="/usr/share/gitweb/gitweb.cgi" pid=655
comm="apparmor_parser"

The timestamp is 1409728889.981

$ date --date="@1409728889.981"
Wed Sep 3 09:21:29 CEST 2014

Is this their goal, to make reading the log file as hard as possible?
Why not encrypt it with AES to be sure you canĀ“t read it.....



< Previous Next >
List Navigation