[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] No time stamps in audit.log?



Am 03.09.2014 09:44, schrieb Marcus Meissner:
> On Tue, Sep 02, 2014 at 06:22:47PM +0200, pinguin74 wrote:
>> Hello,
>>
>> it seems events in audit.log do not have time stamps. This makes
>> analyzing events a bit uncomfortable I think.
>>
>> Can you make the audit system somehow to add a time stamp to logged
>> events? Just like in /var/log/messages.
> 
> It is there ... :)
> 
> type=AVC msg=audit(1409728889.981:41): apparmor="STATUS" operation="profile_load" name="/usr/share/gitweb/gitweb.cgi" pid=655 comm="apparmor_parser"
> 
> The timestamp is 1409728889.981 
> 
> $ date --date="@1409728889.981"
> Wed Sep  3 09:21:29 CEST 2014

Is this their goal, to make reading the log file as hard as possible?
Why not encrypt it with AES to be sure you can´t read it.....



Attachment: signature.asc
Description: OpenPGP digital signature