Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 369

The user has successfully logged in. This event is the one used by aureport
-l to report about user logins.
PAM reports that it has successfully opened a session for root.
PAM reports that the credentials have been successfully reacquired.
30.5.2 Generating Custom Audit Reports
The raw audit reports stored in the /var/log/audit directory tend to become very
bulky and hard to understand. To find individual events of interest, you might have to
read through thousands of other events before you spot the one that you want. To avoid
this, use the aureport utility and create custom reports.
The following use cases highlight just a few of the possible report types that you can
generate with aureport:
Read Audit Logs from Another File
When the audit logs have moved to another machine or when you want to analyze
the logs of a number of machines on your local machine without wanting to connect
to each of these individually, move the logs to a local file and have aureport analyze
them locally:
aureport -if myfile
Summary Report
======================
Range of time in logs: 03/02/09 14:13:38.225 - 17/02/09 14:52:27.971
Selected time for report: 03/02/09 14:13:38 - 17/02/09 14:52:27.971
Number of changes in configuration: 13
Number of changes to accounts, groups, or roles: 0
Number of logins: 6
Number of failed logins: 13
Number of authentications: 7
Number of failed authentications: 573
Number of users: 1
Number of terminals: 9
Number of host names: 4
Number of executables: 17
Number of files: 279
Number of AVC's: 0
Number of MAC events: 0
Number of failed syscalls: 994
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 0
Understanding Linux Audit 357