summary: 'Test for bz235398 (LSPP: ausearch does not correctly find out of)'
description: |
    Bug summary: LSPP: ausearch does not correctly find out of order records
    Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=235398

    Description:

    Description of problem:
    When record parts are distributed in the log file(ie separated by other 
    records that have a different timestamp/number), ausearch does not correcly 
    search through them. The first record part will be found, but not the other 
    record parts.

    Version-Release number of selected component (if applicable):
    audit-1.3.1-3

    How reproducible:
    always

    Steps to Reproduce:
    1. ausearch -c python -if ausearch-good-audit.log
    2. ausearch -c python -if ausearch-bad-audit.log
     (the logs are attached in this bugzilla)
      
    Actual results:
    1. The first one returns all records.
    2. The second one returns only a single record.

    Expected results:
    All records should be returned from both logs

    NOTE: Depending on your local timezone or system time format, the reference
    results might cause the test to produce false-negative. This could be safely
    waived.
contact: omoris@redhat.com
component:
  - audit
test: ./runtest.sh
recommend:
  - audit
duration: 5m
enabled: true
tag:
  - Tier3
  - Tier3security
  - fedora-wanted
tier: '3'
link:
  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=235398
extra-nitrate: TC#0063621
extra-summary: /CoreOS/audit/Regression/bz235398-LSPP-ausearch-does-not-correctly-find-out-of
extra-task: /CoreOS/audit/Regression/bz235398-LSPP-ausearch-does-not-correctly-find-out-of