Bug 809311

Summary: unmatched entries in selinux audit logwatch part
Product: [Fedora] Fedora Reporter: Ivana Varekova <varekova>
Component: logwatchAssignee: Jan Synacek <jsynacek>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: frank, jsynacek, kklic, richardfearn, varekova
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: logwatch-7.4.0-12.20120229svn100.fc16 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-21 05:48:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ivana Varekova 2012-04-03 05:05:11 UTC 
Description of problem:
I found bunch of unmatched entries in logwatch log. They should be properly parsed.

Version-Release number of selected component (if applicable):
logwatch-7.4.0-6.20110328svn50.fc16.noarch

How reproducible:
always

  
Actual results:
--------------------- Selinux Audit Begin ------------------------ 

 **Unmatched Entries** 
  type=1130 audit(1333351034.357:126): user pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="auditd" exe="/bin/systemd" hostname=? addr=? terminal=? res=success'
  type=1131 audit(1333351034.357:127): user pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="auditd" exe="/bin/systemd" hostname=? addr=? terminal=? res=success'
  No rules
  AUDIT_STATUS: enabled=1 flag=1 pid=950 rate_limit=0 backlog_limit=320 lost=0 backlog=0
  No rules
  AUDIT_STATUS: enabled=0 flag=1 pid=969 rate_limit=0 backlog_limit=320 lost=0 backlog=0
 
 ---------------------- Selinux Audit End -------------------------
Comment 1 Jan Synacek 2012-04-25 07:36:41 UTC 
Could you please check if these are gone with the latest version? http://koji.fedoraproject.org/koji/taskinfo?taskID=4021262

Thank you!
Comment 2 Jan Synacek 2012-05-04 08:22:01 UTC 
Not present in f17.
Comment 3 Jan Synacek 2012-05-09 10:36:06 UTC 
Fixed in rawhide.

Update for F16 underway.