Comment 9 for bug 271252

I think this patch might fix the problem. The format of audit messages that are redirected to syslog because auditd isn't running changed between Hardy and Intrepid and now have the type=NNNN field before the audit tag like--

Nov 1 22:24:43 box kernel: [ 158.113592] type=1503 audit(1225603483.635:5): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=7 name="/proc/7034/net/" pid=7034 profile="/usr/sbin/cupsd"

I believe this patch will address the moved type=NNNN field as well as capturing non-matching logfile input instead of printing it to stdout.