Two different options control how information is displayed about time intervals:
For example, the following command reports on all events that started on
or after 8:35 a.m. on February 17 of the current year:
auditrpt -s 02170835
By specifying a starting time with -s and an ending time with -h,
you can report on events that occurred in that span of time.
For example, to find all password changes that occurred between 1 a.m.
and 8 a.m. on February 4, you would enter the following command:
auditrpt -e passwd -s 02040100 -h 02040800
If you do not use the -o option, the end time specified by the -h option
must be later than the start time specified by -s. If not, auditrpt
displays the following error message and terminates processing:
start time must be earlier than the end time
If you use the -o option, you can specify a start time later than the end time.
This allows you to report on all events in the log file except those
occurring during a specified time period.
For example, assume that you want to know about all password
changes except those that occurred between noon and 5 p.m. on February 3.
To report this information, you would type the following command:
auditrpt -o -e passwd -s 02031700 -h 02031200
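
The selection rules described above, modeled as an added example (not auditrpt's own code) so the inside-window and -o outside-window cases can be compared on the same records. The select() and parse_stamp() names, the sample records, the fixed year, and the inclusive treatment of both boundaries are assumptions.

```python
from datetime import datetime

YEAR = 2024  # assumption: stands in for "the current year"

def parse_stamp(stamp, year=YEAR):
    """Parse an 8-digit MMDDhhmm value as passed to -s and -h on this page."""
    if len(stamp) != 8 or not stamp.isdigit():
        raise ValueError("expected MMDDhhmm, got %r" % stamp)
    return datetime.strptime("%d%s" % (year, stamp), "%Y%m%d%H%M")

def select(events, event_type, start, end, outside=False):
    """Return events of event_type inside the start..end window, or outside
    it when outside=True (the -o case, where start is later than end)."""
    s, h = parse_stamp(start), parse_stamp(end)
    if not outside and s >= h:
        # Same message the page documents for a reversed window without -o.
        raise ValueError("start time must be earlier than the end time")
    picked = []
    for when, etype, user in events:
        t = parse_stamp(when)
        if outside:
            matches = t >= s or t <= h   # assumed: both boundaries inclusive
        else:
            matches = s <= t <= h
        if etype == event_type and matches:
            picked.append((when, etype, user))
    return picked

# Constructed sample records: (MMDDhhmm, event type, user)
EVENTS = [
    ("02030930", "passwd", "alice"),
    ("02031430", "passwd", "bob"),
    ("02031815", "passwd", "carol"),
    ("02031820", "login", "carol"),
    ("02040300", "passwd", "dave"),
    ("02041000", "passwd", "erin"),
]

if __name__ == "__main__":
    # Mirrors: auditrpt -e passwd -s 02040100 -h 02040800
    print(select(EVENTS, "passwd", "02040100", "02040800"))
    # Mirrors: auditrpt -o -e passwd -s 02031700 -h 02031200
    print(select(EVENTS, "passwd", "02031700", "02031200", outside=True))
```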