Bug 809311 - unmatched entries in selinux audit logwatch part
Summary: unmatched entries in selinux audit logwatch part
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 16
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jan Synacek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-04-03 05:05 UTC by Ivana Varekova
Modified: 2012-05-21 05:48 UTC (History)
5 users (show)

Fixed In Version: logwatch-7.4.0-12.20120229svn100.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-05-21 05:48:18 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Ivana Varekova 2012-04-03 05:05:11 UTC 
Description of problem:
I found bunch of unmatched entries in logwatch log. They should be properly parsed.

Version-Release number of selected component (if applicable):
logwatch-7.4.0-6.20110328svn50.fc16.noarch

How reproducible:
always

  
Actual results:
--------------------- Selinux Audit Begin ------------------------ 

 **Unmatched Entries** 
  type=1130 audit(1333351034.357:126): user pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="auditd" exe="/bin/systemd" hostname=? addr=? terminal=? res=success'
  type=1131 audit(1333351034.357:127): user pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="auditd" exe="/bin/systemd" hostname=? addr=? terminal=? res=success'
  No rules
  AUDIT_STATUS: enabled=1 flag=1 pid=950 rate_limit=0 backlog_limit=320 lost=0 backlog=0
  No rules
  AUDIT_STATUS: enabled=0 flag=1 pid=969 rate_limit=0 backlog_limit=320 lost=0 backlog=0
 
 ---------------------- Selinux Audit End -------------------------
Comment 1 Jan Synacek 2012-04-25 07:36:41 UTC 
Could you please check if these are gone with the latest version? http://koji.fedoraproject.org/koji/taskinfo?taskID=4021262

Thank you!
Comment 2 Jan Synacek 2012-05-04 08:22:01 UTC 
Not present in f17.
Comment 3 Jan Synacek 2012-05-09 10:36:06 UTC 
Fixed in rawhide.

Update for F16 underway.
Note You need to log in before you can comment on or make changes to this bug.