Comment # 4 on bug 944125 from 
(In reply to Tony Jones from comment #3)
> (In reply to Howard Guo from comment #2)
> > Here are the audit messages coming from kernel:
> > 
> > Sep 03 09:21:23 g123 opera[27322]: <audit-1326> auid=1000 uid=1000 gid=100
> > ses=2 pid=27322 comm="opera" exe="/usr/lib/x86_64-linux-gnu/opera/opera"
> > sig=0 arch=c000003e syscall=2 compat=0 ip=0x7ff3d07ef11f code=0x5
> > 0000
> > Sep 03 09:21:23 g123 kernel: audit: type=1326 audit(1441264883.110:5311):
> > auid=1000 uid=1000 gid=100 ses=2 pid=27322 comm="opera"
> > exe="/usr/lib/x86_64-linux-gnu/opera/opera" sig=0 arch=c000003e syscall=2
> > compat=0 
> > ip=0x7ff3d07ef11f code=0x50000
> > Sep 03 09:21:23 g123 opera[27322]: <audit-1326> auid=1000 uid=1000 gid=100
> > ses=2 pid=27322 comm="opera" exe="/usr/lib/x86_64-linux-gnu/opera/opera"
> > sig=0 arch=c000003e syscall=2 compat=0 ip=0x7ff3d07ef11f code=0x5
> > 0000
> > Sep 03 09:21:23 g123 kernel: audit: type=1326 audit(1441264883.172:5312):
> > auid=1000 uid=1000 gid=100 ses=2 pid=27322 comm="opera"
> > exe="/usr/lib/x86_64-linux-gnu/opera/opera" sig=0 arch=c000003e syscall=2
> > compat=0 
> > ip=0x7ff3d07ef11f code=0x50000
> 
> I understand they are coming from the kernel but which file are you
> extracting them from?  As I said, the format of the messages is not normal.

Oh I see, you do have the normal format in there.  You just also have this
"<audit-msg#> format that I've never seen before.   I'm not sure who is issuing
that, I'll have to check.   The messages "kernel: audit: type=" are what I was
expecting.  Sorry for noise.

You are receiving this mail because: