To search based on a date range is not easy, especially if you do not know the dates on each file. Essentially this may be a larger issue. If the logfiles were automatically based on date, this could be accounted for in the audit viewer. So maybe this option inside the auditd would enable date-based logfiles and then the audit-viewer could leverage that?
Thanks for your report.
Do you have any suggestion for making the search easier? Are perhaps the separate hour/minute/second/millisecond too confusing?
Can you clarity how do log files relate to dates? It sounds like you are attempting to use the date range search to look only a specific log file. Can't you change the event source to the single log file instead?
I apologize. This problem is not as I described. I will close this one and open a new one with a better, more appropriate description.
Log in to comment on this ticket.