[PATCH] Fix a bug of parsing the log which type is MAC_IPSEC_EVENT
Peng Haitao
penght at cn.fujitsu.com
Mon Sep 1 06:43:54 UTC 2008
Hello steve,
the log which type is MAC_IPSEC_EVENT, MAC_UNLBL_STCADD and MAC_UNLBL_STCDEL cannot be parsed in function extract_search_items().
Signed-off-by: Peng Haitao <penght at cn.fujitsu.com>
---
src/ausearch-parse.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 5ba0fde..d2cb44d 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -211,7 +211,7 @@ int extract_search_items(llist *l)
AUDIT_FIRST_KERN_ANOM_MSG...AUDIT_LAST_KERN_ANOM_MSG:
ret = parse_kernel_anom(n, s);
break;
- case AUDIT_MAC_POLICY_LOAD...AUDIT_MAC_IPSEC_DELSPD:
+ case AUDIT_MAC_POLICY_LOAD...AUDIT_MAC_UNLBL_STCDEL:
ret = parse_simple_message(n, s);
break;
case AUDIT_KERNEL:
--
1.5.3
--
Regards
Peng Haitao
More information about the Linux-audit
mailing list