Starting Test 1, iterate...
auid=4294967295
interp auid=unset
auid=48
interp auid=apache
auid=48
interp auid=apache
Test 1 Done

Starting Test 2, walk events, records, and fields...
event: 1
records:1
fields:5
type=1006(LOGIN) line=1 file=None event time: 1143146623.787:142
type=LOGIN (LOGIN)
pid=2027 (2027)
uid=0 (root)
auid=4294967295 (unset)
auid=48 (apache)

event: 2
records:1
fields:24
type=1300(SYSCALL) line=2 file=None event time: 1143146623.875:143
type=SYSCALL (SYSCALL)
arch=c000003e (x86_64)
syscall=188 (setxattr)
success=yes (yes)
exit=0 (0)
a0=7fffffa9a9f0 (7fffffa9a9f0)
a1=3958d11333 (3958d11333)
a2=5131f0 (5131f0)
a3=20 (20)
items=1 (1)
pid=2027 (2027)
auid=48 (apache)
uid=0 (root)
gid=0 (root)
euid=0 (root)
suid=0 (root)
fsuid=0 (root)
egid=0 (root)
sgid=0 (root)
fsgid=0 (root)
tty=tty3 (tty3)
comm="login" (login)
exe="/bin/login" (/bin/login)
subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255)

event: 3
records:1
fields:10
type=1112(USER_LOGIN) line=3 file=None event time: 1143146623.879:146
type=USER_LOGIN (USER_LOGIN)
pid=2027 (2027)
uid=0 (root)
auid=48 (apache)
uid=48 (apache)
exe="/bin/login" (/bin/login)
hostname=? (?)
addr=? (?)
terminal=tty3 (tty3)
res=success (success)

Test 2 Done

Starting Test 3, walk events, records of 1 buffer...
records:1
fields:10
type=1112(USER_LOGIN) line=1 file=None event time: 1143146623.879:146

Test 3 Done

Starting Test 4, walk events, records of 1 file...
event: 1
records:4
fields:11
type=1400(AVC) line=1 file=./test.log event time: 1170021493.977:293
type=AVC (AVC)
seresult=denied (denied)
seperms=read,write (read,write)
pid=13010 (13010)
comm="pickup" (pickup)
name="maildrop" (maildrop)
dev=hda7 (hda7)
ino=14911367 (14911367)
scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
tclass=dir (dir)

fields:26
type=1300(SYSCALL) line=2 file=./test.log event time: 1170021493.977:293
type=SYSCALL (SYSCALL)
arch=c000003e (x86_64)
syscall=2 (open)
success=no (no)
exit=-13 (-13(Permission denied))
a0=5555665d91b0 (5555665d91b0)
a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)
a2=5555665d91b8 (5555665d91b8)
a3=0 (0)
items=1 (1)
ppid=2013 (2013)
pid=13010 (13010)
auid=4294967295 (unset)
uid=89 (unknown(89))
gid=89 (unknown(89))
euid=89 (unknown(89))
suid=89 (unknown(89))
fsuid=89 (unknown(89))
egid=89 (unknown(89))
sgid=89 (unknown(89))
fsgid=89 (unknown(89))
tty=(none) ((none))
comm="pickup" (pickup)
exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)
subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
key=(null) ((null))

fields:2
type=1307(CWD) line=3 file=./test.log event time: 1170021493.977:293
type=CWD (CWD)
cwd="/var/spool/postfix" (/var/spool/postfix)

fields:10
type=1302(PATH) line=4 file=./test.log event time: 1170021493.977:293
type=PATH (PATH)
item=0 (0)
name="maildrop" (maildrop)
inode=14911367 (14911367)
dev=03:07 (03:07)
mode=040730 (dir, 730)
ouid=89 (unknown(89))
ogid=90 (unknown(90))
rdev=00:00 (00:00)
obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

event: 2
records:1
fields:11
type=1101(USER_ACCT) line=5 file=./test.log event time: 1170021601.340:294
type=USER_ACCT (USER_ACCT)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 3
records:1
fields:11
type=1103(CRED_ACQ) line=6 file=./test.log event time: 1170021601.342:295
type=CRED_ACQ (CRED_ACQ)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 4
records:1
fields:5
type=1006(LOGIN) line=7 file=./test.log event time: 1170021601.343:296
type=LOGIN (LOGIN)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
auid=0 (root)

event: 5
records:1
fields:11
type=1105(USER_START) line=8 file=./test.log event time: 1170021601.344:297
type=USER_START (USER_START)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 6
records:1
fields:11
type=1104(CRED_DISP) line=9 file=./test.log event time: 1170021601.364:298
type=CRED_DISP (CRED_DISP)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 7
records:1
fields:11
type=1106(USER_END) line=10 file=./test.log event time: 1170021601.366:299
type=USER_END (USER_END)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

Test 4 Done

Starting Test 5, walk events, records of 2 files...
event: 1
records:4
fields:11
type=1400(AVC) line=1 file=test.log event time: 1170021493.977:293
type=AVC (AVC)
seresult=denied (denied)
seperms=read,write (read,write)
pid=13010 (13010)
comm="pickup" (pickup)
name="maildrop" (maildrop)
dev=hda7 (hda7)
ino=14911367 (14911367)
scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
tclass=dir (dir)

fields:26
type=1300(SYSCALL) line=2 file=test.log event time: 1170021493.977:293
type=SYSCALL (SYSCALL)
arch=c000003e (x86_64)
syscall=2 (open)
success=no (no)
exit=-13 (-13(Permission denied))
a0=5555665d91b0 (5555665d91b0)
a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)
a2=5555665d91b8 (5555665d91b8)
a3=0 (0)
items=1 (1)
ppid=2013 (2013)
pid=13010 (13010)
auid=4294967295 (unset)
uid=89 (unknown(89))
gid=89 (unknown(89))
euid=89 (unknown(89))
suid=89 (unknown(89))
fsuid=89 (unknown(89))
egid=89 (unknown(89))
sgid=89 (unknown(89))
fsgid=89 (unknown(89))
tty=(none) ((none))
comm="pickup" (pickup)
exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)
subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
key=(null) ((null))

fields:2
type=1307(CWD) line=3 file=test.log event time: 1170021493.977:293
type=CWD (CWD)
cwd="/var/spool/postfix" (/var/spool/postfix)

fields:10
type=1302(PATH) line=4 file=test.log event time: 1170021493.977:293
type=PATH (PATH)
item=0 (0)
name="maildrop" (maildrop)
inode=14911367 (14911367)
dev=03:07 (03:07)
mode=040730 (dir, 730)
ouid=89 (unknown(89))
ogid=90 (unknown(90))
rdev=00:00 (00:00)
obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

event: 2
records:1
fields:11
type=1101(USER_ACCT) line=5 file=test.log event time: 1170021601.340:294
type=USER_ACCT (USER_ACCT)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 3
records:1
fields:11
type=1103(CRED_ACQ) line=6 file=test.log event time: 1170021601.342:295
type=CRED_ACQ (CRED_ACQ)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 4
records:1
fields:5
type=1006(LOGIN) line=7 file=test.log event time: 1170021601.343:296
type=LOGIN (LOGIN)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
auid=0 (root)

event: 5
records:1
fields:11
type=1105(USER_START) line=8 file=test.log event time: 1170021601.344:297
type=USER_START (USER_START)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 6
records:1
fields:11
type=1104(CRED_DISP) line=9 file=test.log event time: 1170021601.364:298
type=CRED_DISP (CRED_DISP)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 7
records:1
fields:11
type=1106(USER_END) line=10 file=test.log event time: 1170021601.366:299
type=USER_END (USER_END)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 8
records:4
fields:11
type=1400(AVC) line=1 file=test2.log event time: 1170021493.977:293
type=AVC (AVC)
seresult=denied (denied)
seperms=read (read)
pid=13010 (13010)
comm="pickup" (pickup)
name="maildrop" (maildrop)
dev=hda7 (hda7)
ino=14911367 (14911367)
scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
tclass=dir (dir)

fields:26
type=1300(SYSCALL) line=2 file=test2.log event time: 1170021493.977:293
type=SYSCALL (SYSCALL)
arch=c000003e (x86_64)
syscall=2 (open)
success=no (no)
exit=-13 (-13(Permission denied))
a0=5555665d91b0 (5555665d91b0)
a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)
a2=5555665d91b8 (5555665d91b8)
a3=0 (0)
items=1 (1)
ppid=2013 (2013)
pid=13010 (13010)
auid=4294967295 (unset)
uid=89 (unknown(89))
gid=89 (unknown(89))
euid=89 (unknown(89))
suid=89 (unknown(89))
fsuid=89 (unknown(89))
egid=89 (unknown(89))
sgid=89 (unknown(89))
fsgid=89 (unknown(89))
tty=(none) ((none))
comm="pickup" (pickup)
exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)
subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
key=(null) ((null))

fields:2
type=1307(CWD) line=3 file=test2.log event time: 1170021493.977:293
type=CWD (CWD)
cwd="/var/spool/postfix" (/var/spool/postfix)

fields:10
type=1302(PATH) line=4 file=test2.log event time: 1170021493.977:293
type=PATH (PATH)
item=0 (0)
name="maildrop" (maildrop)
inode=14911367 (14911367)
dev=03:07 (03:07)
mode=040730 (dir, 730)
ouid=89 (unknown(89))
ogid=90 (unknown(90))
rdev=00:00 (00:00)
obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

event: 9
records:1
fields:11
type=1101(USER_ACCT) line=5 file=test2.log event time: 1170021601.340:294
type=USER_ACCT (USER_ACCT)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 10
records:1
fields:11
type=1103(CRED_ACQ) line=6 file=test2.log event time: 1170021601.342:295
type=CRED_ACQ (CRED_ACQ)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 11
records:1
fields:5
type=1006(LOGIN) line=7 file=test2.log event time: 1170021601.343:296
type=LOGIN (LOGIN)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
auid=0 (root)

event: 12
records:1
fields:11
type=1105(USER_START) line=8 file=test2.log event time: 1170021601.344:297
type=USER_START (USER_START)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 13
records:1
fields:11
type=1104(CRED_DISP) line=9 file=test2.log event time: 1170021601.364:298
type=CRED_DISP (CRED_DISP)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 14
records:1
fields:11
type=1106(USER_END) line=10 file=test2.log event time: 1170021601.366:299
type=USER_END (USER_END)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

Test 5 Done

Starting Test 6, search...
auid = 500 not found...which is correct
auid exists...which is correct
Testing BUFFER_ARRAY, stop on field
Found auid = 48
Testing BUFFER_ARRAY, stop on record
Found type = SYSCALL
Testing BUFFER_ARRAY, stop on event
Found type = SYSCALL
Testing test.log, stop on field
Found auid = 4294967295
Testing test.log, stop on record
Found type = SYSCALL
Testing test.log, stop on event
Found type = AVC
Test 6 Done

Starting Test 7, compound search...
Found type = USER_START
Found auid = 0
Test 7 Done

Starting Test 8, buffer feed...
event: 1
records:1
fields:5
type=1006(LOGIN) line=1 file=None event time: 1143146623.787:142
type=LOGIN (LOGIN)
pid=2027 (2027)
uid=0 (root)
auid=4294967295 (unset)
auid=48 (apache)

event: 2
records:1
fields:24
type=1300(SYSCALL) line=2 file=None event time: 1143146623.875:143
type=SYSCALL (SYSCALL)
arch=c000003e (x86_64)
syscall=188 (setxattr)
success=yes (yes)
exit=0 (0)
a0=7fffffa9a9f0 (7fffffa9a9f0)
a1=3958d11333 (3958d11333)
a2=5131f0 (5131f0)
a3=20 (20)
items=1 (1)
pid=2027 (2027)
auid=48 (apache)
uid=0 (root)
gid=0 (root)
euid=0 (root)
suid=0 (root)
fsuid=0 (root)
egid=0 (root)
sgid=0 (root)
fsgid=0 (root)
tty=tty3 (tty3)
comm="login" (login)
exe="/bin/login" (/bin/login)
subj=system_u:system_r:local_login_t:s0-s0:c0.c255 (system_u:system_r:local_login_t:s0-s0:c0.c255)

event: 3
records:1
fields:10
type=1112(USER_LOGIN) line=3 file=None event time: 1143146623.879:146
type=USER_LOGIN (USER_LOGIN)
pid=2027 (2027)
uid=0 (root)
auid=48 (apache)
uid=48 (apache)
exe="/bin/login" (/bin/login)
hostname=? (?)
addr=? (?)
terminal=tty3 (tty3)
res=success (success)

Test 8 Done

Starting Test 9, file feed...
event: 1
records:4
fields:11
type=1400(AVC) line=1 file=None event time: 1170021493.977:293
type=AVC (AVC)
seresult=denied (denied)
seperms=read,write (read,write)
pid=13010 (13010)
comm="pickup" (pickup)
name="maildrop" (maildrop)
dev=hda7 (hda7)
ino=14911367 (14911367)
scontext=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)
tclass=dir (dir)

fields:26
type=1300(SYSCALL) line=2 file=None event time: 1170021493.977:293
type=SYSCALL (SYSCALL)
arch=c000003e (x86_64)
syscall=2 (open)
success=no (no)
exit=-13 (-13(Permission denied))
a0=5555665d91b0 (5555665d91b0)
a1=10800 (O_RDONLY|O_NONBLOCK|O_DIRECTORY)
a2=5555665d91b8 (5555665d91b8)
a3=0 (0)
items=1 (1)
ppid=2013 (2013)
pid=13010 (13010)
auid=4294967295 (unset)
uid=89 (unknown(89))
gid=89 (unknown(89))
euid=89 (unknown(89))
suid=89 (unknown(89))
fsuid=89 (unknown(89))
egid=89 (unknown(89))
sgid=89 (unknown(89))
fsgid=89 (unknown(89))
tty=(none) ((none))
comm="pickup" (pickup)
exe="/usr/libexec/postfix/pickup" (/usr/libexec/postfix/pickup)
subj=system_u:system_r:postfix_pickup_t:s0 (system_u:system_r:postfix_pickup_t:s0)
key=(null) ((null))

fields:2
type=1307(CWD) line=3 file=None event time: 1170021493.977:293
type=CWD (CWD)
cwd="/var/spool/postfix" (/var/spool/postfix)

fields:10
type=1302(PATH) line=4 file=None event time: 1170021493.977:293
type=PATH (PATH)
item=0 (0)
name="maildrop" (maildrop)
inode=14911367 (14911367)
dev=03:07 (03:07)
mode=040730 (dir, 730)
ouid=89 (unknown(89))
ogid=90 (unknown(90))
rdev=00:00 (00:00)
obj=system_u:object_r:postfix_spool_maildrop_t:s0 (system_u:object_r:postfix_spool_maildrop_t:s0)

event: 2
records:1
fields:11
type=1101(USER_ACCT) line=5 file=None event time: 1170021601.340:294
type=USER_ACCT (USER_ACCT)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 3
records:1
fields:11
type=1103(CRED_ACQ) line=6 file=None event time: 1170021601.342:295
type=CRED_ACQ (CRED_ACQ)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 4
records:1
fields:5
type=1006(LOGIN) line=7 file=None event time: 1170021601.343:296
type=LOGIN (LOGIN)
pid=13015 (13015)
uid=0 (root)
auid=4294967295 (unset)
auid=0 (root)

event: 5
records:1
fields:11
type=1105(USER_START) line=8 file=None event time: 1170021601.344:297
type=USER_START (USER_START)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 6
records:1
fields:11
type=1104(CRED_DISP) line=9 file=None event time: 1170021601.364:298
type=CRED_DISP (CRED_DISP)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

event: 7
records:1
fields:11
type=1106(USER_END) line=10 file=None event time: 1170021601.366:299
type=USER_END (USER_END)
pid=13015 (13015)
uid=0 (root)
auid=0 (root)
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 (system_u:system_r:crond_t:s0-s0:c0.c1023)
acct=root (root)
exe="/usr/sbin/crond" (/usr/sbin/crond)
hostname=? (?)
addr=? (?)
terminal=cron (cron)
res=success (success)

Test 9 Done

Finished non-admin tests

