On 09/15, Steve Grubb wrote:
> There is another log format, RAW, which should be suitable for the old tools. Also, I don't understand what problems that causes. You haven't exactly explained what the problem is and why this is needed. The ENRICHED format has been documented for over 5 years. Plenty of time for tools to become aware. ...

Again, the change was only cosmetic for when you "cat /var/log/audit/audit.log" -- no problems otherwise.

> Without more context, I am reluctant to change a documented standard that has existed for over 5 years.
> https://github.com/linux-audit/audit-documentation/wiki/SPEC-Audit-Event-Enrichment

Please drop it then. I'll work on changing the default log_format back to RAW for future SLES releases.

Cheers,
Enzo

--
Linux-audit mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/linux-audit
