Re: [PATCH] auditd: fix missing space with enriched log format

Wednesday, 15 September 2021

On 09/15, Steve Grubb wrote:
...
There is another log format, RAW, which should be suitable for the old
tools.
Also, I don't understand what problems that causes. You haven't exactly
explained what the problem is and why this is needed. The ENRICHED format has
been documented for over 5 years. Plenty of time for tools to become aware.
 ... 
Again, the change was only cosmetic for when you "cat
/var/log/audit/audit.log" -- no problems otherwise.

...
Without more context, I am reluctant to change a documented standard
that has
existed for over 5 years.

https://github.com/linux-audit/audit-documentation/wiki/SPEC-Audit-Event-...

Please drop it then. I'll work on changing the default log_format back to
RAW for future SLES releases.

Cheers,

Enzo

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [PATCH] auditd: fix missing space with enriched log format