From mboxrd@z Thu Jan  1 00:00:00 1970
From: John Dennis <jdennis@redhat.com>
Subject: comparing record ids in auparse
Date: Wed, 05 Sep 2007 12:11:46 -0400
Message-ID: <1189008706.15928.12.camel@junko.usersys.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from [10.13.248.1] (vpn-248-1.boston.redhat.com [10.13.248.1])
	by mail.boston.redhat.com (8.13.1/8.13.1) with ESMTP id l85GBk7V018153
	for <linux-audit@redhat.com>; Wed, 5 Sep 2007 12:11:46 -0400
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

In the functions auparse_timestamp_compare() and events_are_equal() the
host field is not checked, is that by design or omission? Should two
different events from two different hosts be comparable?

On a side note, the use of the term timestamp in symbol names like
auparse_timestamp_compare() seems misleading because the item in
question is not really a timestamp, rather its an event identifier which
contains some time information. Are we too far down the road to call
this object an 'event_id'?
-- 
John Dennis <jdennis@redhat.com>