Hello,
I was working on the ausearch utility and have it interpreting the logs
nicely. There were a couple issues that popped up where some messages did not
fall into similar patterns. There are several cases where auid does not have
an '=' between it and the loginuid.
Also, I ran into a problem interpreting syscalls because arch comes after the
syscall. Life would be so much easier if arch was before syscall. The
attached patch fixes this. It's against the .46 kernel.
-Steve