f725649490
- ausearch: correct search for DAEMON related events - allow hex digits when interpreting tty data Resolves: RHEL-82279 - Fix TTY hostname in log messages Resolves: RHEL-78323
16 lines
509 B
Diff
16 lines
509 B
Diff
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
|
|
index 7d9731842..e77fbf129 100644
|
|
--- a/src/ausearch-parse.c
|
|
+++ b/src/ausearch-parse.c
|
|
@@ -1549,7 +1549,9 @@ static int parse_daemon1(const lnode *n, search_items *s)
|
|
|
|
// uid - optional
|
|
if (event_uid != -1) {
|
|
- ptr = term;
|
|
+ // As the uid= field may happen in different orders, e.g. both before
|
|
+ // and after pid=, let us search for the uid from the beginning.
|
|
+ term = mptr;
|
|
str = strstr(term, " uid=");
|
|
if (str) {
|
|
ptr = str + 5;
|