It looks like the format for audit messages that show up in /var/log/messages when auditd is not running changed between Hardy and Intrepid.
The type=NNNN part of the message was after the "audit(NNNNNNNNNN.NNN:NN):" part in Hardy, but before it in Intrepid and that's likely causing the log parsing code to break. As a temporary workaround, I think installing the auditd package so that audit logs go to /var/log/audit/audit.log instead of /var/log/messages might work, but I'd suggest increasing max_log_file in /etc/audit/auditd.conf if AA is being used. -- aa-logprof generates faulty output messages https://bugs.launchpad.net/bugs/271252 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
