update logparser.py to support the changed syslog format by adding

(audit:\s+)? to RE_LOG_v2_6_syslog References: https://bugs.launchpad.net/apparmor/+bug/1399027 Acked-by: Seth Arnold <seth.arnold@canonical.com> (for trunk) Acked-by: Steve Beattie <steve@nxnw.org> for 2.9 as well
2025-08-31 14:25:52 +00:00 · 2015-01-17 14:35:38 +01:00
parent 70cda06789
commit 53d071adf5
1 changed files with 1 additions and 1 deletions
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -25,7 +25,7 @@ from apparmor.translations import init_translation
 _ = init_translation()

 class ReadLog:
-    RE_LOG_v2_6_syslog = re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=')
+    RE_LOG_v2_6_syslog = re.compile('kernel:\s+(\[[\d\.\s]+\]\s+)?(audit:\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=')
    RE_LOG_v2_6_audit = re.compile('type=AVC\s+(msg=)?audit\([\d\.\:]+\):\s+apparmor=')
    # Used by netdomain to identify the operation types
    # New socket names