On Mon, Mar 16, 2015 at 06:33:39PM +0100, David Herrmann wrote:
> Hi
> 
> On Sun, Mar 15, 2015 at 3:49 AM, Zbigniew Jędrzejewski-Szmek
> <[email protected]> wrote:
> > Hi,
> >
> > I was looking at some debug logs, and the audit messages are
> > semi-useless in their current undecoded form:
> >
> > mar 14 22:24:02 fedora22 audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 
> > ses=4294967295 subj=system_u:system_r:init_t:s0 
> > msg='unit=systemd-udev-trigger comm="systemd" 
> > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> > mar 14 22:24:05 fedora22 audit: <audit-1327> 
> > proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D0069707461626C655F7365637572697479
> >
> > You added code to parse this, and I think we should make use of it and
> > put msg= field as MESSAGE=, and maybe store the original message as
> > _AUDIT= or something. If there's no msg field, like with proctitle,
> > print all fields that are in the message, but using our cescape, and
> > not this hexadecimal form which is unreadable for humans.
> 
> Audit messages cannot be parsed reliably. They don't do escaping and
> it's really a big mess. I'm not saying we shouldn't try it, but just
> as a heads-up, this might cause some troubles.
Lennart already implemented parsing. I'm sure it's not perfect, but it doesn't
really have to be. If we can parse the most common messages then it would
already be a big improvement.

Zbyszek
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
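
An added example, not code from systemd or from either poster: a best-effort Python decoder for the two audit records quoted in the thread, which flattens the nested msg='...' field and turns the hex-encoded proctitle into escaped, readable text. The names parse_audit, decode_value, unquote and c_escape and the field list in HEX_ENCODED_FIELDS are assumptions of this example; as the thread notes, the format does no escaping, so a value that itself contains a quote character will be split wrongly.

```python
import re

# Assumption: fields whose unquoted, all-hex value is treated as hex-encoded
# bytes (the kernel hex-encodes untrusted strings it cannot safely quote).
HEX_ENCODED_FIELDS = {"proctitle", "comm", "exe"}
# key=value where value is '...', "..." or a run of non-space characters.
FIELD_RE = re.compile(r"""(\w+)=('[^']*'|"[^"]*"|\S*)""")
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")

# Records copied from the log lines quoted in the thread (journal prefix removed).
SAMPLE_SERVICE = (
    "pid=1 uid=0 auid=4294967295 ses=4294967295 "
    "subj=system_u:system_r:init_t:s0 "
    "msg='unit=systemd-udev-trigger comm=\"systemd\" "
    "exe=\"/usr/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'"
)
SAMPLE_PROCTITLE = ("proctitle=2F7362696E2F6D6F6470726F6265002D71002D2D00"
                    "69707461626C655F7365637572697479")

def c_escape(raw: bytes) -> str:
    """Keep printable ASCII, escape backslash and every other byte."""
    return "".join(
        "\\\\" if b == 0x5C else chr(b) if 0x20 <= b < 0x7F else "\\x%02x" % b
        for b in raw)

def unquote(value: str):
    """Return the text inside matching quotes, or None if not quoted."""
    ok = len(value) >= 2 and value[0] in "'\"" and value[-1] == value[0]
    return value[1:-1] if ok else None

def decode_value(key: str, value: str) -> str:
    inner = unquote(value)
    if inner is not None:
        return inner
    if key in HEX_ENCODED_FIELDS and HEX_RE.fullmatch(value):
        # proctitle is argv joined by NUL bytes; show it as a command line.
        return " ".join(c_escape(a) for a in bytes.fromhex(value).split(b"\0"))
    return value

def parse_audit(payload: str) -> dict:
    """Best effort: flatten msg='...' into the same dict as the outer fields."""
    fields = {}
    for key, value in FIELD_RE.findall(payload):
        inner = unquote(value) if key == "msg" else None
        if inner is not None:
            fields.update(parse_audit(inner))
        else:
            fields[key] = decode_value(key, value)
    return fields
```

Calling parse_audit(SAMPLE_PROCTITLE) yields the modprobe command line in readable form; bytes outside printable ASCII come back as \xNN escapes, so decoded values are safe to print to a terminal or log.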