Bug 461783

Summary: audit record ID header syntax change of "host" to "node"
Product: [Fedora] Fedora Reporter: John Dennis <jdennis>
Component: setroubleshootAssignee: John Dennis <jdennis>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 9CC: jdennis
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-09-10 16:38:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Dennis 2008-09-10 15:31:42 UTC 
The audit system recently began prepending audit records with the host name. This information supposed to have been formatted thusly:

host=foo.example.com type=AVC_PATH msg=audit(1166045975.667:1128):

however the field name was later changed to "node", e.g.:

node=foo.example.com type=AVC_PATH msg=audit(1166045975.667:1128):

on the belief a field name of "host" would conflict with other uses of the field "host" which might appear elsewhere in audit records (technically this is not valid because the two uses of "host" appear in semantically different portions of the audit record and thus do not conflict and a good parser can tell the difference). 

Thus we need to change the field "host" to "node" when parsing the audit record ID header. We also need to change the framework/test/data/audit/* files because they no longer match what the audit system actually emits.
Comment 1 John Dennis 2008-09-10 16:38:10 UTC 
I've made the fixes, checked them into mercurial. However, I have not tested the fix (only needed to fix where we read the value and where we write it, both pretty simple, I expect it will work fine, plus you only hit this code if the node name reporting feature is turned on in audit, normally it's not).