--- audit-0.6.8/lib/lookup_table.c~orig	2005-03-15 16:17:54.000000000 -0800
+++ audit-0.6.8/lib/lookup_table.c	2005-03-15 16:18:36.000000000 -0800
@@ -51,6 +51,7 @@ static struct transtab fieldtab[] = {
     { AUDIT_FSGID,    "fsgid"    },
     { AUDIT_LOGINUID, "loginuid" },
     { AUDIT_PERS,     "pers"     },
+    { AUDIT_ARCH,     "arch"     },
 
     { AUDIT_DEVMAJOR, "devmajor" },
     { AUDIT_DEVMINOR, "devminor" },
--- audit-0.6.8/lib/libaudit.h~orig	2005-03-15 16:48:38.000000000 -0800
+++ audit-0.6.8/lib/libaudit.h	2005-03-15 16:49:02.000000000 -0800
@@ -34,6 +34,7 @@
 /* TODO: Add this as a kernel patch to audit.h */
 /* These audit message types are for audit daemon local use. */
 #define AUDIT_DAEMON	1500     /* Define daemon local records */
+#define AUDIT_ARCH	11
 
 /* defines for audit subsystem */
 
--- audit-0.6.8/lib/libaudit.c~orig	2005-03-15 17:10:06.000000000 -0800
+++ audit-0.6.8/lib/libaudit.c	2005-03-15 17:10:57.000000000 -0800
@@ -399,8 +399,10 @@ int audit_rule_fieldpair(struct audit_ru
 
 	snprintf(buf, sizeof(buf), "%*.*s", v-f-negated, v-f-negated, f);
 	msg(LOG_DEBUG,"buf=%s\n", buf);
-	if ((field = audit_name_to_field(buf)) < 0) 
+	if ((field = audit_name_to_field(buf)) < 0) {
+		printf("bye\n");
 		return -2;
+	}
 	msg(LOG_DEBUG,"f%d%s%s\n", field, negated ? "!=" : "=", v+1);
 	rule->fields[rule->field_count] = field | (negated ? AUDIT_NEGATE : 0);
 	switch (field)