Hi,
Sorry for the deluge of questions :)
Regarding auditd, what is the ABI guarantee ? Do you guarantee that the 
text contained in audit_reply->msg.data will always be the same format ? 
I imagine you reserve the right to add fields, but how about removing 
any or even reordering them ?
Or are people simply required to use auparse to guarantee they get 
records properly ?
Also, regarding 'unofficial' ABI compatibility, when has the 
audit_reply->msg.data format changed last ? Say these past 3-4 years, 
were there any changes in the format or could I use a faster, but 
specifically focused parser on the msgs when detecting older releases at 
least ?
Thanks,
Hassan