Comment 11 for bug 271252

Steve Beattie (sbeattie) wrote : Re: [Bug 271252] Re: aa-logprof generates faulty output messages

Jesse: I think they're two distinct issues, but both should be fixed.
WRT the passthrough issue, I think just dropping not understood characters
is okay; it already tries to do that, though in other situations it moves
to the 'unknown_message' state and tries to save the rest of the message
in the ->info field. The log parsing library was originally targeted
towards parsing the output of auditd and not syslog (since the latter
is spoofable), and so has had less thought with respect to its design.

Dealing with the new format should definitely be fixed; you should
probably add the case where there's no dmesg timestamp (unless that option
is no longer configurable in the kernel) but the key_type is present;
this is less important for Ubuntu.

I've added testcases for both issues in the upstream svn repo, commits
1307 and 1308.