[apparmor] [patch] fix logparser.py to support changed syslog format
Christian Boltz
apparmor at cboltz.de
Fri Jan 16 21:40:39 UTC 2015
Hello,
this patch updates logparser.py to support the changed syslog format by
adding (audit:\s+)? to RE_LOG_v2_6_syslog.
References: https://bugs.launchpad.net/apparmor/+bug/1399027
[ logparser-lp1399027.diff ]
=== modified file 'utils/apparmor/logparser.py'
--- utils/apparmor/logparser.py 2014-08-20 22:55:44 +0000
+++ utils/apparmor/logparser.py 2015-01-16 21:24:45 +0000
@@ -25,7 +25,7 @@
_ = init_translation()
class ReadLog:
- RE_LOG_v2_6_syslog = re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=')
+ RE_LOG_v2_6_syslog = re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?(audit:\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=')
RE_LOG_v2_6_audit = re.compile('type=AVC\s+(msg=)?audit\([\d\.\:]+\):\s+apparmor=')
# Used by netdomain to identify the operation types
# New socket names
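Review bot: the `(audit:\s+)?` group added to RE_LOG_v2_6_syslog on the `+` line is a capturing group, like the existing timestamp group before it, although the pattern only needs it to be optional; `(?:audit:\s+)?` would say that directly and keep group numbering unchanged for any caller that reads groups from this match. The pattern is also still a plain string literal containing `\s`, `\d` and `\[`, so it relies on Python passing unrecognized escapes through unchanged; since the line is being touched anyway, switching it (and RE_LOG_v2_6_audit below) to a raw string `r'...'` would remove that dependency. Finally, nothing in this hunk records what the new format looks like: a short comment above the regex with one sample line carrying the `audit:` prefix, or a test case with such a line, would make it clear why the prefix is optional and guard against regressions.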
Regards,
Christian Boltz
--
Please, if you use any of my code in your giant list of bad coding
practices, feel free to not attribute me. :) [Seth Arnold in apparmor]