From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: [PATCH 1/2] fix a bug that use option '-r' cannot output all
	unformatted logs
Date: Tue, 29 Jul 2008 08:38:17 -0400
Message-ID: <200807290838.18033.sgrubb@redhat.com>
References: <488EAD35.8000404@cn.fujitsu.com> <488EEBD3.1070504@cn.fujitsu.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <488EEBD3.1070504@cn.fujitsu.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Peng Haitao <penght@cn.fujitsu.com>
Cc: audit-list <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

On Tuesday 29 July 2008 06:07:15 Peng Haitao wrote:
> =C2=A0 The log which message type is CONFIG_CHANGE does not contain "au=
id=3D" and
> exists in /var/log/audit/audit.log, This will be OK or the log loses
> "auid=3D"?

All records must have auid. That is part of the requirements besides date=
,=20
time, what happened, and what was the results. If that record is missing=20
auid, we need to patch the kernel.

-Steve