diff -urp audit-2.6.7/audisp/audispd-builtins.c audit-2.6.7.orig/audisp/audispd-builtins.c
--- audit-2.6.7/audisp/audispd-builtins.c 2016-08-02 11:55:31.000000000 -0400
+++ audit-2.6.7.orig/audisp/audispd-builtins.c 2016-08-09 12:32:54.524964714 -0400
@@ -327,10 +327,24 @@ static void init_syslog(const plugin_con
syslog_started = 1;
}
-void send_syslog(const char *s)
+void send_syslog(const char *s, uint32_t ver)
{
- if (syslog_started)
+ if (syslog_started) {
+ if (ver == AUDISP_PROTOCOL_VER2) {
+ char *ptr = strdup(s);
+ if (ptr) {
+ char *c = strchr(ptr, AUDIT_INTERP_SEPARATOR);
+ if (c)
+ *c = ' ';
+ syslog(priority, "%s", ptr);
+ free(ptr);
+ return;
+ }
+ }
+ // Everything should fall through except success because
+ // something is better than nothing.
syslog(priority, "%s", s);
+ }
}
void destroy_syslog(void)
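Review bot: In send_syslog's AUDISP_PROTOCOL_VER2 branch, `strchr` rewrites only the first AUDIT_INTERP_SEPARATOR, so any later separator byte in the record would still reach syslog unmodified; whether a record can carry more than one is not visible in this hunk. If it can, a loop such as `for (char *c = ptr; (c = strchr(c, AUDIT_INTERP_SEPARATOR)) != NULL; c++) *c = ' ';` covers every occurrence. The strdup-failure fallback also logs the raw separator, which downstream syslog parsers may not expect. A short comment above the function stating that contract (ver selects separator rewriting; on allocation failure the record is logged unmodified) would help whoever consumes these logs.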
diff -urp audit-2.6.7/audisp/audispd-builtins.h audit-2.6.7.orig/audisp/audispd-builtins.h
--- audit-2.6.7/audisp/audispd-builtins.h 2016-08-02 11:55:31.000000000 -0400
+++ audit-2.6.7.orig/audisp/audispd-builtins.h 2016-08-09 12:25:38.274976900 -0400
@@ -31,7 +31,7 @@ void stop_builtin(plugin_conf_t *conf);
void send_af_unix_string(const char *s, unsigned int len);
void send_af_unix_binary(event_t *e);
void destroy_af_unix(void);
-void send_syslog(const char *s);
+void send_syslog(const char *s, uint32_t ver);
void destroy_syslog(void);
typedef void (*poll_callback_ptr)(int fd);
diff -urp audit-2.6.7/audisp/audispd.c audit-2.6.7.orig/audisp/audispd.c
--- audit-2.6.7/audisp/audispd.c 2016-08-02 11:55:31.000000000 -0400
+++ audit-2.6.7.orig/audisp/audispd.c 2016-08-09 12:25:06.357977791 -0400
@@ -684,7 +684,7 @@ static int event_loop(void)
/* Now send the event to the right child */
if (conf->p->type == S_SYSLOG)
- send_syslog(v);
+ send_syslog(v, e->hdr.ver);
else if (conf->p->type == S_AF_UNIX) {
if (conf->p->format == F_STRING)
send_af_unix_string(v, len);
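Review bot: The two string sinks in this dispatch now handle the record differently: the syslog branch passes `e->hdr.ver` so the interpretation separator can be rewritten, while the `F_STRING` branch still hands the same `v` to `send_af_unix_string(v, len)` with no version. If AF_UNIX readers are meant to receive the separator byte as-is, a comment above the dispatch should say so, for example `/* only syslog output has the interpretation separator replaced; af_unix string consumers get the record as received */`. What `send_af_unix_string` does with the buffer is not visible here, and event_loop's body extends beyond this hunk.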