Hi, I was looking at some debug logs, and the audit messages are semi-useless in their current undecoded form:
mar 14 22:24:02 fedora22 audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-udev-trigger comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' mar 14 22:24:05 fedora22 audit: <audit-1327> proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D0069707461626C655F7365637572697479 You added code to parse this, and I think we should make use of it and put msg= field as MESSAGE=, and maybe store the original message as _AUDIT= or something. If there's no msg field, like with proctitle, print all fields that are in the message, but using our cescape, and not this hexadecimal form which is unreadable for humans. Thoughts? Zbyszek _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
