strange arguments in some EXEC audit events

[Steve Grubb]

On Monday 02 March 2009 09:17:44 am Nikola Ciprich wrote:
> I'm not sure what
> "66696C65202D4C202F7661722F6C6F672F61756469742F61756469742E6C6F6720323E2F64
>65762F6E756C6C" argument might be, is it somehow encoded string? It seems to
> remain unchanged across multiple events... Could somebody shed some light
> on it for me?

You should be able to see the record's text by using ausearch with the -i 
option. If ausearch is not displaying it correctly with that option, then you 
have found a bug.

-Steve