Re: [PATCH 1/2] fix a bug that use option '-r' cannot output all unformatted logs
On Tuesday 29 July 2008 06:07:15 Peng Haitao wrote:
The log which message type is CONFIG_CHANGE does not contain
"auid=" and
exists in /var/log/audit/audit.log, This will be OK or the log loses
"auid="?
All records must have auid. That is part of the requirements besides date,
time, what happened, and what was the results. If that record is missing
auid, we need to patch the kernel.
-Steve