Overview

File change-default-log_format.patch of Package audit-secondary.25463

From: Enzo Matsumiya <ematsumiya@suse.de>
Subject: auditd.conf: change default log_format
References: bsc#1190500

Upstream commit bf1270cfe ("change default logging format and update roadmap")
changed the default log_format from RAW to ENRICHED.

This causes non-audit tools to not interpret the GS character (group separator,
0x1d) that splits the raw data from the enriched data, causing it to be visually
concatenated.

Since a candidate patch to change this was rejected by upstream, we change
the default log_format back to RAW instead, to avoid confusion on customers'
environments.

Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>

--- a/init.d/auditd.conf
+++ b/init.d/auditd.conf
@@ -6,7 +6,7 @@ local_events = yes
 write_logs = yes
 log_file = /var/log/audit/audit.log
 log_group = audit
-log_format = ENRICHED
+log_format = RAW
 flush = INCREMENTAL_ASYNC
 freq = 50
 max_log_file = 8
openSUSE Build Service is sponsored by
Places