Dear Sir/Madam,
Hello, I am a Chinese student, now studying Linux audit and having some problems. I want
to collect some information from the network, such as the accessor's IP and port. I defined an
audit rule on machine A as follows, then I used the "ping" and "vsftpd" programs to test audit.
For example, I ran "ping A" on another machine, but I can't collect any
information in A's audit log. In addition, I ran "ssh A", and then I got some
incomprehensible records that are displayed in the picture below (e.g. saddr=inet6 host:::1
serv:45983 and saddr=inet6 host:::ffff:127.0.0.1 serv:41573).
-a always,exit -F arch=b64 -S connect -S getsockname -S getpeername
Looking forward to your reply!
Yours sincerely,
Yingjie Tang
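The `saddr=` values that the rule above produces are the `struct sockaddr` arguments passed to connect/getpeername/getsockname, which `ausearch -i` renders as `inet6 host:... serv:...`. The following decoder is an added example written for this page, not code from the mail's author or from the audit project. It decodes the raw hex form found in /var/log/audit/audit.log, renders it the way `ausearch -i` does, and flags two things a reviewer of such logs wants to know: whether the endpoint is loopback (local activity on A rather than a remote accessor) and whether an IPv6 record is really an IPv4 peer shown as an IPv4-mapped address (`::ffff:127.0.0.1`), which is what a dual-stack IPv6 listener reports for IPv4 clients. The log lines, timestamps, paths and addresses in `SAMPLE_RECORDS` are constructed for the example. Note also that the rule as written matches only `arch=b64`; a second line with `-F arch=b32` is needed for 32-bit callers.

```python
import re
import struct
import ipaddress

# Address family numbers as defined in <sys/socket.h> on Linux.
AF_UNIX, AF_INET, AF_INET6 = 1, 2, 10

# Constructed raw audit.log lines (not logs from the mail). The saddr= value is the
# hex-encoded struct sockaddr exactly as auditd writes it before ausearch -i interprets it.
SAMPLE_RECORDS = [
    # AF_INET6 ::1 port 45983: family (host order) + port (network order) + flowinfo + addr + scope_id
    "type=SOCKADDR msg=audit(1700000000.101:201): saddr="
    "0A00" "B39F" "00000000" "00000000000000000000000000000001" "00000000",
    # AF_INET6 IPv4-mapped ::ffff:127.0.0.1 port 41573 (an IPv4 client of a dual-stack listener)
    "type=SOCKADDR msg=audit(1700000000.102:202): saddr="
    "0A00" "A265" "00000000" "00000000000000000000FFFF7F000001" "00000000",
    # AF_INET 127.0.0.1 port 22: family + port + 4-byte addr + 8 bytes of sin_zero
    "type=SOCKADDR msg=audit(1700000000.103:203): saddr="
    "0200" "0016" "7F000001" "0000000000000000",
    # AF_INET 192.0.2.10 port 40000: the only genuinely remote endpoint in this sample
    "type=SOCKADDR msg=audit(1700000000.104:204): saddr="
    "0200" "9C40" "C000020A" "0000000000000000",
    # AF_UNIX path socket: local IPC, not network access (hypothetical path)
    "type=SOCKADDR msg=audit(1700000000.105:205): saddr="
    + "0100" + "/run/example.sock".encode().hex() + "00",
]

SADDR_RE = re.compile(r"\bsaddr=([0-9A-Fa-f]+)")
INTERPRETED_RE = re.compile(r"^(inet6?) host:(.+) serv:(\d+)$")


def _is_loopback(addr) -> bool:
    """Loopback test that also sees through IPv4-mapped IPv6 addresses."""
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped.is_loopback if mapped is not None else addr.is_loopback


def decode_saddr(hex_saddr: str) -> dict:
    """Decode one hex-encoded struct sockaddr into family, host, port and reviewer flags."""
    raw = bytes.fromhex(hex_saddr)
    family = struct.unpack_from("<H", raw, 0)[0]       # sa_family_t, host byte order (x86: LE)
    if family == AF_INET and len(raw) >= 8:
        port = struct.unpack_from("!H", raw, 2)[0]     # sin_port, network byte order
        host = ipaddress.IPv4Address(raw[4:8])
        return {"family": "inet", "host": str(host), "port": port,
                "ipv4_mapped": False, "loopback": _is_loopback(host)}
    if family == AF_INET6 and len(raw) >= 24:
        port = struct.unpack_from("!H", raw, 2)[0]     # sin6_port, network byte order
        host6 = ipaddress.IPv6Address(raw[8:24])       # sin6_addr follows sin6_flowinfo
        mapped = host6.ipv4_mapped
        # Render mapped addresses in the dotted form inet_ntop/ausearch use, not ::ffff:7f00:1.
        host = f"::ffff:{mapped}" if mapped is not None else str(host6)
        return {"family": "inet6", "host": host, "port": port,
                "ipv4_mapped": mapped is not None, "loopback": _is_loopback(host6)}
    if family == AF_UNIX:
        path = raw[2:].split(b"\0", 1)[0].decode("utf-8", errors="replace")
        return {"family": "local", "path": path}
    return {"family": f"unknown({family})"}


def render(decoded: dict) -> str:
    """Show a decoded address the way `ausearch -i` prints it."""
    if decoded["family"] == "local":
        return f"local {decoded['path']}"
    if "host" in decoded:
        return f"{decoded['family']} host:{decoded['host']} serv:{decoded['port']}"
    return decoded["family"]


def parse_interpreted(text: str) -> dict:
    """Parse an already-interpreted IP saddr string such as 'inet6 host:::1 serv:45983'."""
    m = INTERPRETED_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised saddr text: {text!r}")
    fam, host, port = m.group(1), m.group(2), int(m.group(3))
    addr = ipaddress.ip_address(host)
    return {"family": fam, "host": host, "port": port,
            "ipv4_mapped": getattr(addr, "ipv4_mapped", None) is not None,
            "loopback": _is_loopback(addr)}


def remote_peers(lines) -> list:
    """Keep only records naming a non-loopback IP endpoint, i.e. real network access."""
    out = []
    for line in lines:
        m = SADDR_RE.search(line)
        if not m:
            continue
        d = decode_saddr(m.group(1))
        if d["family"] in ("inet", "inet6") and not d["loopback"]:
            out.append(d)
    return out


if __name__ == "__main__":
    for line in SAMPLE_RECORDS:
        print(render(decode_saddr(SADDR_RE.search(line).group(1))))
    print("remote:", [f"{d['host']}:{d['port']}" for d in remote_peers(SAMPLE_RECORDS)])
```

Run against the constructed records, the two loopback entries come out exactly as the mail's `inet6 host:::1 serv:45983` and `inet6 host:::ffff:127.0.0.1 serv:41573`, while `remote_peers` keeps only the 192.0.2.10 entry; filtering on the `loopback` and `ipv4_mapped` flags is a quick way to separate local socket activity on A from connections that actually came over the network.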