Description of problem: When using ausearch to search for a subject, the tool does not return any DAEMON_END records that contain that subject. Version-Release number of selected component (if applicable): audit-1.3.1-3 How reproducible: always Steps to Reproduce: 1. Stop and start the audit daemon 2. ausearch -m DAEMON_END to print the DAEMON_END record to see the subject 3. ausearch -su 'subject-from-step2' Actual results: no DAEMON_END matches found Expected results: DAEMON_END record should match Additional info:
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
built audit-1.3.1-4 to solve this problem.
Tom, can you verify that this is fixed in the updated package? Thanks.
Verified fixed in audit-1.3.1-4.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0602.html