9/6/2023 0 Comments Perl file time stamp![]() ![]() PERL : Perl was originally a language optimized for scanning arbitrary text files, extracting information from those text files, and printing reports based on that audit]# perl -pe 's/(\d+)/localtime/e' audit.log | more i, -interpret : Interpret numeric entities into textĪ) Date command with %s is used to convert normal time to epoch time.ĭisplay the current time in the given FORMAT, or set the system audit]# date audit]# date +%sī) Date command with is used to convert epoch time to normal audit]# date Oct 3 18:16:16 IST audit]#Ĭ) If we want to convert the specific system time to epoch audit]# date -date="Wed Oct 3 18:16:" +%sģ. Type=CONFIG_CHANGE msg=audit( 12:48:40.357:6) : audit_failure=1 old=1 auid=unset ses=unset subj=system_u:system_r:unconfined_service_t:s0 res=yes Type=CONFIG_CHANGE msg=audit( 12:48:40.357:5) : audit_backlog_limit=8192 old=64 auid=unset ses=unset subj=system_u:system_r:unconfined_service_t:s0 res=yes We can specify a different file using the ausearch options -if file_name log]# ausearch -i | grep -i CONFIG Also it is used to read the audit log epoch timestamp to user readable timestamp.By default, ausearch searches the /var/log/audit/audit.log file. By default, audit log would be like below. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |