ausearch 如何指定时间和日期

Question

日期和时间应该是单独的参数：

sudo ausearch --start 05/07/2019 '16:48:07'

我发现网上的例子，但更细心的读者可能会在手册页:

       -ts, --start [start-date] [start-time]
              Search for events with time stamps equal to or after  the  given
              start  time. The format of start time depends on your locale. If
              the date is omitted, today is assumed. If the time  is  omitted,
              midnight is assumed. Use 24 hour clock time rather than AM or PM
              to specify time. An example date using the en_US.utf8 locale  is
              09/03/2009.  An  example  of  time  is 18:00:00. The date format
              accepted is influenced by the LC_TIME environmental variable.

注意-ts, --start [start-date] [start-time]，显然有两个可选参数，而不是一个。

Answer 1

日期和时间应该是单独的参数：

sudo ausearch --start 05/07/2019 '16:48:07'

我发现网上的例子，但更细心的读者可能会在手册页:

       -ts, --start [start-date] [start-time]
              Search for events with time stamps equal to or after  the  given
              start  time. The format of start time depends on your locale. If
              the date is omitted, today is assumed. If the time  is  omitted,
              midnight is assumed. Use 24 hour clock time rather than AM or PM
              to specify time. An example date using the en_US.utf8 locale  is
              09/03/2009.  An  example  of  time  is 18:00:00. The date format
              accepted is influenced by the LC_TIME environmental variable.

注意-ts, --start [start-date] [start-time]，显然有两个可选参数，而不是一个。

ausearch 如何指定时间和日期

答案1

相关内容