diff -urp audit-2.3.5.orig/src/ausearch-common.h audit-2.3.5/src/ausearch-common.h
--- audit-2.3.5.orig/src/ausearch-common.h	2014-03-12 12:30:31.000000000 -0400
+++ audit-2.3.5/src/ausearch-common.h	2014-03-17 17:08:27.200016460 -0400
@@ -1,5 +1,5 @@
 /* ausearch-common.h -- 
- * Copyright 2006-08,2010 Red Hat Inc., Durham, North Carolina.
+ * Copyright 2006-08,2010,2014 Red Hat Inc., Durham, North Carolina.
  * Copyright (c) 2011 IBM Corp.
  * All Rights Reserved.
  *
@@ -41,6 +41,7 @@ extern const char *event_filename;
 extern const char *event_hostname;
 extern const char *event_terminal;
 extern int event_syscall;
+extern int event_machine;
 extern const char *event_exe;
 extern int event_ua, event_ga;
 extern int event_exit, event_exit_is_set;
diff -urp audit-2.3.5.orig/src/ausearch-match.c audit-2.3.5/src/ausearch-match.c
--- audit-2.3.5.orig/src/ausearch-match.c	2014-03-12 12:30:31.000000000 -0400
+++ audit-2.3.5/src/ausearch-match.c	2014-03-17 17:08:27.200016460 -0400
@@ -84,9 +84,14 @@ int match(llist *l)
 				if ((event_pid != -1) && 
 						(event_pid != l->s.pid))
 					return 0;
-				if ((event_syscall != -1) &&
-						(event_syscall != l->s.syscall))
-					return 0;
+				if (event_syscall != -1) {
+					if (event_syscall != l->s.syscall)
+						return 0;
+					if (event_machine != -1 && 
+						(event_machine !=
+					audit_elf_to_machine(l->s.arch)))
+						return 0;
+				}
 				if ((event_session_id != -2) &&
 					(event_session_id != l->s.session_id))
 					return 0;
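Review bot: The new machine test sits under `event_syscall != -1` with no comment saying when `event_machine` is set, and its continuation line `audit_elf_to_machine(l->s.arch)))` is indented to the level of the outer `if`, which makes the condition hard to read. Judging from the ausearch-options.c hunk, `event_machine` appears to be assigned on only one option path, so other searches would keep matching syscall numbers across architectures while that path skips records from any other ABI, such as 32-bit compat calls on a 64-bit host. That is inferred, since the lookup code is outside the diff. I would add `/* event_machine is only set by the syscall option; records whose arch maps to another machine are skipped */` above the inner test and align the continuation under `event_machine`. match() starts and ends outside this hunk.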
diff -urp audit-2.3.5.orig/src/ausearch-options.c audit-2.3.5/src/ausearch-options.c
--- audit-2.3.5.orig/src/ausearch-options.c	2014-03-12 12:30:31.000000000 -0400
+++ audit-2.3.5/src/ausearch-options.c	2014-03-17 17:08:27.200016460 -0400
@@ -49,7 +49,7 @@ pid_t event_pid = -1, event_ppid = -1;
 success_t event_success = S_UNSET;
 int event_exact_match = 0;
 uid_t event_uid = -1, event_euid = -1, event_loginuid = -2;
-int event_syscall = -1;
+int event_syscall = -1, event_machine = -1;
 int event_ua = 0, event_ga = 0, event_se = 0;
 int just_one = 0;
 int event_session_id = -2;
@@ -661,6 +661,7 @@ int check_params(int count, char *vars[]
 						optarg);
                                         retval = -1;
 				}
+				event_machine = machine;
                         }
 			c++;
 			break;
diff -urp audit-2.3.5.orig/src/ausearch-parse.c audit-2.3.5/src/ausearch-parse.c
--- audit-2.3.5.orig/src/ausearch-parse.c	2014-03-12 12:30:31.000000000 -0400
+++ audit-2.3.5/src/ausearch-parse.c	2014-03-17 17:09:33.344014612 -0400
@@ -1883,6 +1883,37 @@ static int parse_kernel_anom(const lnode
 		} 
 	}
 
+	if (n->type == AUDIT_SECCOMP) {
+		// get arch
+		str = strstr(term, "arch=");
+		if (str == NULL) 
+			return 0; // A few kernel versions don't have it
+		ptr = str + 5;
+		term = strchr(ptr, ' ');
+		if (term == NULL) 
+			return 12;
+		*term = 0;
+		errno = 0;
+		s->arch = (int)strtoul(ptr, NULL, 16);
+		if (errno) 
+			return 13;
+		*term = ' ';
+		// get syscall
+		str = strstr(term, "syscall=");
+		if (str == NULL)
+			return 14;
+		ptr = str + 8;
+		term = strchr(ptr, ' ');
+		if (term == NULL)
+			return 15;
+		*term = 0;
+		errno = 0;
+		s->syscall = (int)strtoul(ptr, NULL, 10);
+		if (errno)
+			return 16;
+		*term = ' ';
+	}
+
 	return 0;
 }
 
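Review bot: Both `strtoul` calls in the AUDIT_SECCOMP block pass `NULL` as the end pointer and check only `errno`, so an empty or non-numeric value is accepted as 0, and 0 is a valid syscall number. A malformed record would then be reported and matched as a real event instead of being rejected. The error returns 13 and 16 also leave `*term` as NUL, so the record text stays truncated for whatever the caller does next. In addition, `strstr(term, "arch=")` and `strstr(term, "syscall=")` have no leading delimiter and could match inside the value of an earlier field, depending on where `term` points on entry (that is outside the hunk); searching for `" arch="` and `" syscall="` would be stricter. The sketch below validates the end pointer and restores the separator before returning; parse_kernel_anom starts outside the hunk.

```c
	if (n->type == AUDIT_SECCOMP) {
		char *end;
		unsigned long val;

		// … unchanged: locate "arch=" and NUL-terminate the field at term …
		errno = 0;
		val = strtoul(ptr, &end, 16);
		*term = ' ';	// restore the record before any return
		if (errno || end == ptr || end != term)
			return 13;
		s->arch = (int)val;
		// … unchanged: locate "syscall=" and NUL-terminate the field at term …
		errno = 0;
		val = strtoul(ptr, &end, 10);
		*term = ' ';
		if (errno || end == ptr || end != term)
			return 16;
		s->syscall = (int)val;
```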
diff -urp audit-2.3.5.orig/src/ausearch-report.c audit-2.3.5/src/ausearch-report.c
--- audit-2.3.5.orig/src/ausearch-report.c	2014-03-12 12:30:31.000000000 -0400
+++ audit-2.3.5/src/ausearch-report.c	2014-03-17 17:08:27.201016460 -0400
@@ -335,7 +335,7 @@ static void interpret(char *name, char *
 	}
 	type = auparse_interp_adjust_type(rtype, name, val);
 
-	if (rtype == AUDIT_SYSCALL) {
+	if (rtype == AUDIT_SYSCALL || rtype == AUDIT_SECCOMP) {
 		if (machine == (unsigned long)-1) 
 			machine = audit_detect_machine();
 		if (*name == 'a' && strcmp(name, "arch") == 0) {