SecAuditLogParts section identifiers are surprising #1089

stig opened this Issue Mar 9, 2016 · 0 comments


None yet

1 participant

stig commented Mar 9, 2016

It would be nice if the I directive resulted in a audit log section separator containing the letter I rather than C. I was attempting to stop the request body from going to the audit log, but was led on a wild goose chase due to the section identifier being C rather than I.

To be clear, the audit log contained a separator like this:


despite our setting of:

SecAuditLogParts ABIJDEFHZ

I eventually realised that it was the I part that resulted in the C section identifier, but I think this is a clear violation of the principle of least surprise. I would instead have expected the section separator to be like the below:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment