summary: Sanity of log_format option of auditd
description: |+
    Test that the log_format option of auditd works as expected.
    The log_format option describes how the information should be stored on disk.
    There are 2 options and 1 deprecated one:
     * NOLOG - deprecated; if you are setting this format, you should now set
       the write_logs option to no;
     * RAW - the audit records will be stored in a format exactly as the
       kernel sends it (default);
     * ENRICHED - will resolve all uid, gid, syscall, architecture, and socket
       address information before writing the event to disk. This aids in
       making sense of events created on one system but reported/analyzed on
       another system.

contact: Ondrej Moris
component:
  - audit
test: ./runtest.sh
recommend:
  - audit
  - audispd-plugins
  - vim-common
duration: 5m
enabled: true
tag:
  - CI-Tier-1
  - NoRHEL4
  - NoRHEL5
  - NoRHEL6
  - TIPfail
  - TIPfail_Security
  - Tier1
  - Tier1security
tier: '1'
link:
  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1414812
  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1406525
  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1382397
  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1127343
adjust:
  - enabled: false
    when: distro == rhel-4, rhel-5, rhel-6
    continue: false
extra-nitrate: TC#0534813
extra-summary: /CoreOS/audit/Sanity/options-log-format
extra-task: /CoreOS/audit/Sanity/options-log-format