29 lines
899 B
Diff
29 lines
899 B
Diff
From: Enzo Matsumiya <ematsumiya@suse.de>
|
|
Subject: auditd.conf: change default log_format
|
|
References: bsc#1190500
|
|
|
|
Upstream commit bf1270cfe ("change default logging format and update roadmap")
|
|
changed the default log_format from RAW to ENRICHED.
|
|
|
|
This causes non-audit tools to not interpret the GS character (group separator,
|
|
0x1d) that splits the raw data from the enriched data, causing it to be visually
|
|
concatenated.
|
|
|
|
Since a candidate patch to change this was rejected by upstream, we change
|
|
the default log_format back to RAW instead, to avoid confusion on customers'
|
|
environments.
|
|
|
|
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
|
|
|
|
--- a/init.d/auditd.conf
|
|
+++ b/init.d/auditd.conf
|
|
@@ -6,7 +6,7 @@ local_events = yes
|
|
write_logs = yes
|
|
log_file = /var/log/audit/audit.log
|
|
log_group = audit
|
|
-log_format = ENRICHED
|
|
+log_format = RAW
|
|
flush = INCREMENTAL_ASYNC
|
|
freq = 50
|
|
max_log_file = 8
|