Hello, this patch updates logparser.py to support the changed syslog format by adding (audit:\s+)? to RE_LOG_v2_6_syslog.
References: https://bugs.launchpad.net/apparmor/+bug/1399027 [ logparser-lp1399027.diff ]
=== modified file 'utils/apparmor/logparser.py'
--- utils/apparmor/logparser.py 2014-08-20 22:55:44 +0000
+++ utils/apparmor/logparser.py 2015-01-16 21:24:45 +0000
@@ -25,7 +25,7 @@ _ = init_translation()
 class ReadLog:
- RE_LOG_v2_6_syslog = re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=')
+ RE_LOG_v2_6_syslog = re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?(audit:\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=')
 RE_LOG_v2_6_audit = re.compile('type=AVC\s+(msg=)?audit\([\d\.\:]+\):\s+apparmor=')
 # Used by netdomain to identify the operation types
 # New socket names
Regards, Christian Boltz -- Please, if you use any of my code in your giant list of bad coding practices, feel free to not attribute me. :) [Seth Arnold in apparmor] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
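Review bot: The new RE_LOG_v2_6_syslog pattern on the `+` line is still a plain string literal, so `\s`, `\d` and `\[` are invalid string escapes that Python merely tolerates (newer interpreters warn about them). Make it a raw string, and since nothing in the hunk reads the added group, make that group non-capturing: `re.compile(r'kernel:\s+(\[[\d\.\s]+\]\s+)?(?:audit:\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=')`. The raw-string point applies equally to the unchanged RE_LOG_v2_6_audit line. Because this pattern decides which syslog lines are treated as AppArmor events, a short comment above it showing one sample line in the old format and one in the new format from the linked bug would make later changes safer; no test for either format is visible in the patch. The ReadLog class body continues outside the hunk, so whether the pattern is applied with match or search, and whether anything depends on group numbering, cannot be checked from here.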