type=DAEMON_START msg=audit(1175762476.444:3306) auditd start, ver=1.3.1, format=raw, auid=500 pid=30043 res=success, auditd pid=30043
type=CONFIG_CHANGE msg=audit(1175762476.504:66792): audit_enabled=1 old=1 by auid=500 subj=user_u:system_r:auditd_t:s0
type=SYSCALL msg=audit(1175762476.503:66791): arch=c000003e syscall=4 success=no exit=-13 a0=373cb20 a1=7fffa472d520 a2=7fffa472d520 a3=373cb20 items=1 ppid=30043 pid=30045 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python" subj=user_u:system_r:auditd_t:s0 key=(null)
type=AVC_PATH msg=audit(1175762476.503:66791):  path="/var/run/audit_events"
type=CWD msg=audit(1175762476.503:66791):  cwd="/"
type=PATH msg=audit(1175762476.503:66791): item=0 name="/var/run/audit_events" inode=2097204 dev=fd:00 mode=0140755 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:var_run_t:s0
type=CONFIG_CHANGE msg=audit(1175762476.510:66793): audit_backlog_limit=256 old=256 by auid=500 subj=user_u:system_r:auditctl_t:s0
type=CONFIG_CHANGE msg=audit(1175762478.519:66794): auid=500 subj=user_u:system_r:auditctl_t:s0 op=add rule key=(null) list=5 res=1
type=CONFIG_CHANGE msg=audit(1175762478.525:66795): auid=500 subj=user_u:system_r:auditctl_t:s0 op=add rule key="ausearch_test_rule" list=2 res=1
type=USER_AUTH msg=audit(1175762480.536:66796): user pid=30054 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: authentication acct=ausrch_u : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=USER_ACCT msg=audit(1175762480.537:66797): user pid=30054 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: accounting acct=ausrch_u : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=USER_START msg=audit(1175762480.537:66798): user pid=30054 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session open acct=ausrch_u : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=CRED_ACQ msg=audit(1175762480.537:66799): user pid=30054 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: setcred acct=ausrch_u : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=SYSCALL msg=audit(1175762480.543:66800): arch=c000003e syscall=90 success=yes exit=0 a0=7110b0 a1=1ff a2=1ff a3=0 items=1 ppid=30054 pid=30055 auid=500 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) comm="chmod" exe="/bin/chmod" subj=user_u:system_r:unconfined_t:s0 key="ausearch_test_rule"
type=CWD msg=audit(1175762480.543:66800):  cwd="/rhcc/lspp/tests/LTP/ltp-merged/testcases/audit/audit_tools"
type=PATH msg=audit(1175762480.543:66800): item=0 name="/tmp/ausearch_foo" inode=2195460 dev=fd:00 mode=0100644 ouid=503 ogid=0 rdev=00:00 obj=user_u:object_r:tmp_t:s0
type=CRED_DISP msg=audit(1175762480.544:66801): user pid=30054 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: setcred acct=ausrch_u : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=USER_END msg=audit(1175762480.544:66802): user pid=30054 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session close acct=ausrch_u : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=SYSCALL msg=audit(1175762480.548:66803): arch=c000003e syscall=90 success=yes exit=0 a0=193bf0b0 a1=1ed a2=1ed a3=0 items=1 ppid=29973 pid=30056 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="chmod" exe="/bin/chmod" subj=user_u:system_r:unconfined_t:s0 key="ausearch_test_rule"
type=CWD msg=audit(1175762480.548:66803):  cwd="/rhcc/lspp/tests/LTP/ltp-merged/testcases/audit/audit_tools"
type=PATH msg=audit(1175762480.548:66803): item=0 name="do_login" inode=689275 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:bin_t:s0
type=USER_AUTH msg=audit(1175762493.575:66804): user pid=30065 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: authentication acct=ausrch_u : exe="/usr/sbin/sshd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=USER_ACCT msg=audit(1175762493.576:66805): user pid=30065 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: accounting acct=ausrch_u : exe="/usr/sbin/sshd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1175762493.641:66806): user pid=30063 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct=ausrch_u : exe="/usr/sbin/sshd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=LOGIN msg=audit(1175762493.642:66807): login pid=30063 uid=0 old auid=4294967295 new auid=503
type=USER_START msg=audit(1175762493.643:66808): user pid=30063 uid=0 auid=503 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session open acct=ausrch_u : exe="/usr/sbin/sshd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=CRED_REFR msg=audit(1175762493.645:66809): user pid=30066 uid=0 auid=503 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct=ausrch_u : exe="/usr/sbin/sshd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=USER_LOGIN msg=audit(1175762493.649:66810): user pid=30063 uid=0 auid=503 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='uid=503: exe="/usr/sbin/sshd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=/dev/pts/4 res=success)'
type=SYSCALL msg=audit(1175762504.737:66811): arch=c000003e syscall=90 success=yes exit=0 a0=5555557b5764 a1=1b6 a2=0 a3=0 items=1 ppid=2231 pid=30063 auid=503 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 key="ausearch_test_rule"
type=CWD msg=audit(1175762504.737:66811):  cwd="/"
type=PATH msg=audit(1175762504.737:66811): item=0 name="/dev/pts/4" inode=6 dev=00:0b mode=020620 ouid=0 ogid=0 rdev=88:04 obj=user_u:object_r:devpts_t:s0
type=CRED_DISP msg=audit(1175762504.737:66812): user pid=30063 uid=0 auid=503 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: setcred acct=ausrch_u : exe="/usr/sbin/sshd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh res=success)'
type=USER_END msg=audit(1175762504.739:66813): user pid=30063 uid=0 auid=503 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='PAM: session close acct=ausrch_u : exe="/usr/sbin/sshd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh res=failed)'
type=DAEMON_END msg=audit(1175762507.787:3307) auditd normal halt, sending auid=500 pid=30107 subj=user_u:system_r:initrc_t:s0 res=success, auditd pid=30043
type=DAEMON_START msg=audit(1175762510.174:4070) auditd start, ver=1.3.1, format=raw, auid=500 pid=30160 res=success, auditd pid=30160
type=SYSCALL msg=audit(1175762510.230:66822): arch=c000003e syscall=4 success=no exit=-13 a0=1a4deb20 a1=7fff00e76c70 a2=7fff00e76c70 a3=1a4deb20 items=1 ppid=30160 pid=30162 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python" subj=user_u:system_r:auditd_t:s0 key=(null)
type=AVC_PATH msg=audit(1175762510.230:66822):  path="/var/run/audit_events"
type=CWD msg=audit(1175762510.230:66822):  cwd="/"
type=PATH msg=audit(1175762510.230:66822): item=0 name="/var/run/audit_events" inode=2097204 dev=fd:00 mode=0140755 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:var_run_t:s0
type=CONFIG_CHANGE msg=audit(1175762510.231:66823): audit_enabled=1 old=1 by auid=500 subj=user_u:system_r:auditd_t:s0
type=CONFIG_CHANGE msg=audit(1175762510.237:66824): audit_backlog_limit=256 old=256 by auid=500 subj=user_u:system_r:auditctl_t:s0