diff -urp audit-2.6.7/audisp/audispd-builtins.c audit-2.6.7.orig/audisp/audispd-builtins.c
--- audit-2.6.7/audisp/audispd-builtins.c 2016-08-02 11:55:31.000000000 -0400
+++ audit-2.6.7.orig/audisp/audispd-builtins.c 2016-08-09 12:32:54.524964714 -0400
@@ -327,10 +327,24 @@ static void init_syslog(const plugin_con
 syslog_started = 1;
 }
-void send_syslog(const char *s)
+void send_syslog(const char *s, uint32_t ver)
 {
- if (syslog_started)
+ if (syslog_started) {
+ if (ver == AUDISP_PROTOCOL_VER2) {
+ char *ptr = strdup(s);
+ if (ptr) {
+ char *c = strchr(ptr, AUDIT_INTERP_SEPARATOR);
+ if (c)
+ *c = ' ';
+ syslog(priority, "%s", ptr);
+ free(ptr);
+ return;
+ }
+ }
+ // Everything should fall through except success because
+ // something is better than nothing.
 syslog(priority, "%s", s);
+ }
 }
 void destroy_syslog(void)
diff -urp audit-2.6.7/audisp/audispd-builtins.h audit-2.6.7.orig/audisp/audispd-builtins.h
--- audit-2.6.7/audisp/audispd-builtins.h 2016-08-02 11:55:31.000000000 -0400
+++ audit-2.6.7.orig/audisp/audispd-builtins.h 2016-08-09 12:25:38.274976900 -0400
@@ -31,7 +31,7 @@ void stop_builtin(plugin_conf_t *conf);
 void send_af_unix_string(const char *s, unsigned int len);
 void send_af_unix_binary(event_t *e);
 void destroy_af_unix(void);
-void send_syslog(const char *s);
+void send_syslog(const char *s, uint32_t ver);
 void destroy_syslog(void);
 typedef void (*poll_callback_ptr)(int fd);
diff -urp audit-2.6.7/audisp/audispd.c audit-2.6.7.orig/audisp/audispd.c
--- audit-2.6.7/audisp/audispd.c 2016-08-02 11:55:31.000000000 -0400
+++ audit-2.6.7.orig/audisp/audispd.c 2016-08-09 12:25:06.357977791 -0400
@@ -684,7 +684,7 @@ static int event_loop(void)
 /* Now send the event to the right child */
 if (conf->p->type == S_SYSLOG)
- send_syslog(v);
+ send_syslog(v, e->hdr.ver);
 else if (conf->p->type == S_AF_UNIX) {
 if (conf->p->format == F_STRING)
 send_af_unix_string(v, len);
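Review bot: In `send_syslog` (audisp/audispd-builtins.c) the VER2 branch duplicates every event with `strdup()` only to overwrite one byte, and if that allocation fails the record is logged with `AUDIT_INTERP_SEPARATOR` still embedded, so syslog consumers can see two shapes of the same event exactly when the host is short of memory. The copy and its failure path can be dropped by locating the separator in `s` and printing the two halves: `const char *c = strchr(s, AUDIT_INTERP_SEPARATOR);` followed by `if (c) syslog(priority, "%.*s %s", (int)(c - s), s, c + 1); else syslog(priority, "%s", s);`. Only the first separator is rewritten; whether a v2 event can carry more than one cannot be determined from this hunk, so a short comment stating that assumption would help whoever parses these logs later. `s` now also reaches `strdup`/`strchr` without a NULL check, so the caller in `event_loop` presumably guarantees a non-NULL string, which is worth confirming.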