[PATCH] auditd: fix missing space with enriched log format
Enzo Matsumiya
ematsumiya at suse.de
Wed Sep 15 17:55:20 UTC 2021
On 09/15, Steve Grubb wrote:
>There is another log format, RAW, which should be suitable for the old tools.
>Also, I don't understand what problems that causes. You haven't exactly
>explained what the problem is and why this is needed. The ENRICHED format has
>been documented for over 5 years. Plenty of time for tools to become aware.
> ...
Again, the change was only cosmetic for when you "cat
/var/log/audit/audit.log" -- no problems otherwise.
>Without more context, I am reluctant to change a documented standard that has
>existed for over 5 years.
>
>https://github.com/linux-audit/audit-documentation/wiki/SPEC-Audit-Event-Enrichment
Please drop it then. I'll work on changing the default log_format back to
RAW for future SLES releases.
Cheers,
Enzo
More information about the Linux-audit
mailing list