On Tuesday, June 17, 2014 11:26:01 AM Eric Paris wrote: > On Tue, 17 Jun 2014 10:56:24 -0400 > > Steve Grubb <[email protected]> wrote: > > On Tuesday, June 17, 2014 10:31:25 AM Eric Paris wrote: > > > On Tue, 17 Jun 2014 16:09:32 +0200 > > > > > > 2) Userspace silently throws records which are 'malformed' away, > > > instead of just printing them... > > > > > > ausearch -m LOGIN should be able to display these things... > > > > It does not have a concept of completing > > search criteria and just dumping the record out. There might be > > something that can be done here, but lots a changes risks breaking > > things in subtle ways. > > I understand, but I can't imagine any customer that would want these > records silently thrown away. When grep is a more reliable tool, we're in > trouble :)
Grep is not trying to make sense out of the audit trail. :-) I checked in a change that helps some, but it only fixes ausearch when loginuid is not specified. https://fedorahosted.org/audit/changeset/957 -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
