I think this patch might fix the problem. The format of audit messages that are redirected to syslog because auditd isn't running changed between Hardy and Intrepid and now have the type=NNNN field before the audit tag like--
Nov 1 22:24:43 box kernel: [ 158.113592] type=1503 audit(1225603483.635:5): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=7 name="/proc/7034/net/" pid=7034 profile="/usr/sbin/cupsd" I believe this patch will address the moved type=NNNN field as well as capturing non-matching logfile input instead of printing it to stdout. ** Attachment added: "deal with moved type=NNNN field and capture non-matching input" http://launchpadlibrarian.net/19274373/logprof-syslog.diff -- aa-logprof generates faulty output messages https://bugs.launchpad.net/bugs/271252 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs