Am 03.09.2014 09:44, schrieb Marcus Meissner: > On Tue, Sep 02, 2014 at 06:22:47PM +0200, pinguin74 wrote: >> Hello, >> >> it seems events in audit.log do not have time stamps. This makes >> analyzing events a bit uncomfortable I think. >> >> Can you make the audit system somehow to add a time stamp to logged >> events? Just like in /var/log/messages. > > It is there ... :) > > type=AVC msg=audit(1409728889.981:41): apparmor="STATUS" operation="profile_load" name="/usr/share/gitweb/gitweb.cgi" pid=655 comm="apparmor_parser" > > The timestamp is 1409728889.981 > > $ date --date="@1409728889.981" > Wed Sep 3 09:21:29 CEST 2014 Is this their goal, to make reading the log file as hard as possible? Why not encrypt it with AES to be sure you can´t read it.....
Description: OpenPGP digital signature