12.3 Viewing Auditing Information

To view the audit logs, open the /var/log/audit/audit.log file in a text editor.

Your log file will resemble the following example:

********************************************************************

type=DAEMON_START msg=audit(1185934048.314:4312) auditd start, ver=1.2.9, format=raw, auid=4294967295 pid=27992 res=success, auditd pid=2
type=CONFIG_CHANGE msg=audit(1185934048.418:4): audit_enabled=0 old=0 by auid=4294967295
type=CONFIG_CHANGE msg=audit(1185934049.914:5):
audit_backlog_limit=256 old=64 by auid=4294967295
type=DAEMON_END msg=audit(1186036669.479:4313) auditd normal halt, sending auid=0 pid=6208 subj=86036669.479:6): audit_enabled=0 old=0
type=DAEMON_START msg=audit(1186036762.687:1615) auditd start, ver=1.2.9, format=raw, auid=4294967295 pid=3020 res=success, auditd pid=30
type=CONFIG_CHANGE msg=audit(1186036762.784:4): audit_enabled=0 old=0 by auid=4294967295

******************************************************************