Hello Steve,

Logs of type MAC_IPSEC_EVENT, MAC_UNLBL_STCADD and MAC_UNLBL_STCDEL
cannot be parsed in function extract_search_items().

Signed-off-by: Peng Haitao <[EMAIL PROTECTED]>

---
 src/ausearch-parse.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 5ba0fde..d2cb44d 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -211,7 +211,7 @@ int extract_search_items(llist *l)
                           AUDIT_FIRST_KERN_ANOM_MSG...AUDIT_LAST_KERN_ANOM_MSG:
                                ret = parse_kernel_anom(n, s);
                                break;
-                       case AUDIT_MAC_POLICY_LOAD...AUDIT_MAC_IPSEC_DELSPD:
+                       case AUDIT_MAC_POLICY_LOAD...AUDIT_MAC_UNLBL_STCDEL:
                                ret = parse_simple_message(n, s);
                                break;
                        case AUDIT_KERNEL:
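Review bot: The widened case range ending at AUDIT_MAC_UNLBL_STCDEL routes every record type whose value lies between AUDIT_MAC_IPSEC_DELSPD and the new bound to parse_simple_message(), not only the three types named in the description. Please confirm that no other type falls inside that span, or that parse_simple_message() extracts the right fields for each one. Since ausearch filtering depends on what this switch extracts, records that match the range but carry fields the simple parser does not read would still be missing from search results. It would also help to state in the commit message which searches failed on these records before the change. Finally, a range keyed on the last constant has to be bumped again whenever a new MAC type is added, which is how these three were missed; a short comment at the case label saying so would make that easier to catch next time.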
-- 
1.5.3


-- 
Regards
Peng Haitao

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
