On Friday, April 18, 2014 12:08:24 PM Burn Alting wrote:
> Please find attached a patch against 2.3.6 that, when checkpointing,
> notices if we identify an audit.log file to use (i.e. the dev and inode
> match) but we find a complete event whose time is > 2 seconds past the
> checkpoint time. This should not happen, as the checkpoint event should
> be found BEFORE any other complete event for the checkpoint event was
> the last displayed complete event in the file. When this occurs, a
> message is printed to stderr and ausearch will terminate with an exit
> code of 12.
>
> This typically occurs if there is a lot of processing or a long time
> occurs between two invocations of ausearch --checkpoint. Basically, an
> inode is reused in one of the new audit.log files.

Thanks for the patch. Applied as commit 950 with a couple formatting changes.
-Steve
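
The check described in the quoted message, sketched as an added example (not the patch itself and not ausearch's code). The struct layouts, the function name `locate_checkpoint`, and the `CP_WRONG_FILE` and `CP_EXHAUSTED` return values are assumptions made for illustration; only exit code 12 and the 2-second allowance come from the message.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>

/* Hypothetical, simplified types; not ausearch's own structures. */
struct event      { time_t sec; unsigned long serial; };
struct checkpoint { dev_t dev; ino_t ino; time_t sec; unsigned long serial; };

#define CP_FOUND        0  /* checkpoint event located; resume after it */
#define CP_WRONG_FILE   1  /* dev/inode differ (assumed value) */
#define CP_EXHAUSTED    2  /* file ended without a verdict (assumed value) */
#define CP_NOT_IN_FILE 12  /* exit code named in the message */
#define CP_SLACK_SECS   2  /* the "> 2 seconds" allowance from the message */

/* Walk one log file's complete events in order. On CP_FOUND, *resume is the
 * index of the first event that has not been displayed yet. */
int locate_checkpoint(const struct checkpoint *cp, dev_t dev, ino_t ino,
                      const struct event *ev, size_t n, size_t *resume)
{
    if (dev != cp->dev || ino != cp->ino)
        return CP_WRONG_FILE;
    for (size_t i = 0; i < n; i++) {
        if (ev[i].sec == cp->sec && ev[i].serial == cp->serial) {
            *resume = i + 1;
            return CP_FOUND;
        }
        /* A complete event well past the checkpoint time, seen before the
         * checkpoint event itself: the inode now belongs to a newer file. */
        if (ev[i].sec > cp->sec + CP_SLACK_SECS)
            return CP_NOT_IN_FILE;
    }
    return CP_EXHAUSTED;
}

int main(void)
{
    /* Constructed sample data: checkpoint taken at t=1000, serial 42. */
    struct checkpoint cp = { 2049, 131, 1000, 42 };
    struct event same_file[] = { {998, 40}, {1000, 41}, {1000, 42}, {1001, 43} };
    struct event reused[]    = { {5000, 7}, {5001, 8} }; /* new log, same inode */
    size_t resume = 0;
    int rc = locate_checkpoint(&cp, 2049, 131, same_file, 4, &resume);
    printf("original file: rc=%d resume=%zu\n", rc, resume);
    rc = locate_checkpoint(&cp, 2049, 131, reused, 2, &resume);
    printf("reused inode:  rc=%d\n", rc);
    return rc == CP_NOT_IN_FILE ? 0 : 1;
}
```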