我已在系统上启用审核,但是当我生成报告时,我没有获得成功登录的用户名
root@iWave-G22M:~# ausearch -m user_login -ts 16:18
----
time->Sat Jul 13 16:18:19 2019
type=USER_LOGIN msg=audit(1563034699.010:7): pid=1317 uid=0 auid=4294967295 ses=4294967295 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=localhost.localdomain addr=127.0.0.1 terminal=/dev/pts/0 res=success'
root@iWave-G22M:~# aureport -l -ts 16:18
Login Report
============================================
# date time auid host term exe success event
============================================
1. 07/13/19 16:18:19 -1 localhost.localdomain /dev/pts/0 /usr/sbin/sshd yes 7
root@iWave-G22M:~#
ausearch条目显然有一个userid条目(即id = 1000),但在登录报告中,auid为-1
审核版本2.8.4-r0