Steve Grubb
Thanks for the patch, but I don't see any benefit to supporting this syscall.
Probably the log is missing a newline and getline runs off the end. It uses memchr to look for newline. I used to fuzz the logs. But I realized hardening...
There is the --input-logs option, which tells it to ignore the pipe and use the logs from auditd.conf.
I'll look at this next week.
@Cropi The only drawback is that this is based on time. To test this, I used a log file from 2021 and piped that to aureport --log. It reported 2025...