Hello,
Thank you for your reply! It is absolutely amazing. It clarified a lot.
> b) Why are some records separated by a comma and a
> whitespace? Example:
>
> type=DAEMON_START msg=audit(1363713609.192:5426): auditd start,
> ver=2.2 format=raw kernel=2.6.32-358.2.1.el6.x86_64 auid=500 pid=4979
> subj=unconfined_u:system_r:auditd_t:s0 res=success
> A long time ago the records were meant to be both human readable (don't laugh)
> and machine consumable. Over time these have been converted to name=value pairs.
> Even the one you mention above has been fixed.
I am not sure if I understood; does it mean that `auditd start, ver=2.2` is outdated and
deprecated? I'm confused because my Debian did produce a log file with this element.
Cheers,
-m
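As an added example (not code from this thread or from the audit project's own parsers), a small Python parser that shows the difference the reply describes: it splits a record into name=value pairs and reports any free text left over, so the legacy `auditd start,` fragment in the quoted DAEMON_START line is surfaced rather than silently lost. The samples are constructed, and the field set of the name=value-only DAEMON_START record is an assumption, not something the page states.

```python
import re
from typing import Dict, List, Tuple

# Constructed samples (not copied from a live system). LEGACY_RECORD is the DAEMON_START
# line quoted in the thread, still carrying the free text "auditd start,"; the other two
# are pure name=value records (the modern DAEMON_START field set is assumed, not from the page).
LEGACY_RECORD = (
    "type=DAEMON_START msg=audit(1363713609.192:5426): auditd start, "
    "ver=2.2 format=raw kernel=2.6.32-358.2.1.el6.x86_64 auid=500 pid=4979 "
    "subj=unconfined_u:system_r:auditd_t:s0 res=success"
)
PAIRS_ONLY_RECORD = (
    "type=DAEMON_START msg=audit(1363713609.192:5426): op=start ver=2.2 format=raw "
    "kernel=2.6.32-358.2.1.el6.x86_64 auid=500 pid=4979 "
    "subj=unconfined_u:system_r:auditd_t:s0 res=success"
)
QUOTED_RECORD = (
    "type=USER_LOGIN msg=audit(1363713700.001:5430): pid=4990 uid=0 auid=500 "
    "msg='op=login acct=\"root\" exe=\"/usr/sbin/sshd\" res=success'"
)

# Every record opens with type=... msg=audit(<seconds>.<millis>:<serial>): and then a body.
HEADER_RE = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
# A body token is either name=value (value may be quoted and contain spaces) or free text.
TOKEN_RE = re.compile(r"(?P<key>\w+)=(?P<val>'[^']*'|\"[^\"]*\"|\S+)|(?P<free>\S+)")

def parse_record(line: str) -> Tuple[Dict[str, str], str]:
    """Split one record into its name=value fields. The second value collects body
    tokens that are not pairs (e.g. "auditd start,"); it is empty for a clean record."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not an audit record: %r" % line)
    rec_type, seconds, serial, body = m.groups()
    fields = {"type": rec_type, "time": seconds, "serial": serial}
    free: List[str] = []
    for tok in TOKEN_RE.finditer(body):
        if tok.group("key"):
            fields[tok.group("key")] = tok.group("val")
        else:
            free.append(tok.group("free"))
    return fields, " ".join(free)

def records_with_free_text(lines) -> List[str]:
    """Serials of records whose body is not pure name=value, so a log pipeline can
    flag lines from which a strict pair-only parser would silently lose information."""
    parsed = [parse_record(line) for line in lines]
    return [fields["serial"] for fields, free in parsed if free]
```

Running `records_with_free_text` over an audit.log is a quick way to check whether a given auditd version still emits such legacy fragments before relying on a pair-only parser.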