From mboxrd@z Thu Jan 1 00:00:00 1970
From: Steve Grubb
Subject: Re: auditd 2.0.5 and 2.2 log format changes
Date: Tue, 20 May 2014 11:31:38 -0400
Message-ID: <20140520113138.5e08d5e2@ivy-bridge>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Ismail Yenigul
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Tue, 20 May 2014 18:18:14 +0300
Ismail Yenigul wrote:

> I have a script to correlate (for user friendly report) auditd 2.2
> version logs. It works on RedHat.
> We have suse 11.4 server running audit 2.0.5 version.
>
> I could not see any major log format difference between two versions.
> I see that there is nametype=NORMAL field difference at the end of
> each line for version 2.2.

This is not related to auditd. This is a change in the kernel. Auditd
just distributes events to disk and other applications.

> Is there any other log format changes between two versions?

There are likely differences in the kernels (and possibly user space
apps). I have no idea what they are.

-Steve
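Added example, not part of the original message or of the audit project's code: one way to find out which fields differ between two hosts' audit logs is to parse each record into key=value pairs by name and compare the field sets per record type, so that a kernel-added field such as nametype is reported instead of breaking a position-based script. The sample records and the function names are constructed for illustration.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample records (not taken from the thread): the same event as
# logged without, and then with, the trailing nametype field.
OLD_LOG = '''type=SYSCALL msg=audit(1400599094.101:77): arch=c000003e syscall=2 success=yes exit=3 pid=4021 uid=0 comm="cat" exe="/bin/cat"
type=PATH msg=audit(1400599094.101:77): item=0 name="/etc/shadow" inode=1234 dev=08:01 mode=0100400 ouid=0 ogid=0 rdev=00:00
'''
NEW_LOG = OLD_LOG.replace('rdev=00:00', 'rdev=00:00 nametype=NORMAL')

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')

def parse_record(line):
    """Parse one audit line into type, time, serial and a dict of fields."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    try:
        tokens = shlex.split(body)      # honours "..." and '...' quoting
    except ValueError:                  # unbalanced quote: fall back to spaces
        tokens = body.split()
    fields = {}
    for token in tokens:
        key, sep, value = token.partition('=')
        if sep:
            fields[key] = value         # looked up by name, never by position
    return {'type': rtype, 'time': float(ts), 'serial': int(serial), 'fields': fields}

def field_names_by_type(log_text):
    """Collect every field name seen for each record type."""
    names = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec:
            names[rec['type']].update(rec['fields'])
    return names

def format_diff(old_text, new_text):
    """Return {type: (fields only in old, fields only in new)} where they differ."""
    old, new = field_names_by_type(old_text), field_names_by_type(new_text)
    diff = {}
    for rtype in sorted(set(old) | set(new)):
        only_old = sorted(old[rtype] - new[rtype])
        only_new = sorted(new[rtype] - old[rtype])
        if only_old or only_new:
            diff[rtype] = (only_old, only_new)
    return diff
```

Run over a day of logs from each host, `format_diff` lists every field that one kernel or user space emits and the other does not, per record type.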