Jesse: I think they're two distinct issues, but both should be fixed. WRT the passthrough issue, I think just dropping not understood characters is okay; it already tries to do that, though in other situations it moves to the 'unknown_message' state and tries to save the rest of the message in the ->info field. The log parsing library was originally targeted towards parsing the output of auditd and not syslog (since the latter is spoofable), and so has had less thought with respect to its design.
Dealing with the new format should definitely be fixed; you should probably add the case where there's no dmesg timestamp (unless that option is no longer configurable in the kernel) but the key_type is present; this is less important for Ubuntu. I've added testcases for both issues in the upstream svn repo, commits 1307 and 1308.

--
aa-logprof generates faulty output messages
https://bugs.launchpad.net/bugs/271252
