From mboxrd@z Thu Jan  1 00:00:00 1970
From: John Dennis <jdennis@redhat.com>
Subject: Re: Auparse using Buffer.......
Date: Fri, 18 Jan 2008 09:55:08 -0500
Message-ID: <4790BDCC.8060109@redhat.com>
References: <770716a30801180642v5c31b536ye696db92805c0e8e@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <770716a30801180642v5c31b536ye696db92805c0e8e@mail.gmail.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: kunal chandarana <chandarana.kunal@gmail.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

kunal chandarana wrote:
 >     data="type=USER_ACCT msg=audit(1200638450.722:15): user pid=2156 
uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 
msg='op=PAM:accounting acct=root exe=\"/usr/sbin/gdm-binary\" 
(hostname=?, addr=?, terminal=:0 res=success)'\0";

There is no EOR (End of Record) character in your data (e.g. newline), 
therefore the record is not terminated and the input is incomplete.

The EOR is *not* implicit at EOB (End of Buffer) because buffers can be 
concatenated fragments.
-- 
John Dennis <jdennis@redhat.com>