Two different options control how information is displayed about time intervals:
For example, the following command
reports on all events that started on or after 8:35a.m. on February 17 of
the current year.
auditrpt -s 02170835
By specifying a starting time with
and an ending time with
you can report on events that occurred in that span of time.
For example, assume that want to know about all password changes that
occurred between 1 a.m. and 8 a.m. on February 4,
you would enter the following command:
auditrpt -e passwd -s 02040100 -h 02040800
If you do not use the
the end time specified by the
option must be later than the start time
displays the following error message and terminates processing:
start time must be earlier than the end time
If you use the
option, you can specify a start time later than the end time.
This allows you to report on all events in the log file except those
occurring during a specified time period.
For example, assume that you want to know about all password
changes except those that occurred between noon and 5 p.m. on February 3.
To report this information,
you would type the following command:
auditrpt -o -e passwd -s 02031700 -h 02031200