From d262a18d702b8ae4cf807b69296b3f4cd8360e34 Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Fri, 9 Jul 2021 01:51:32 +0800
Subject: [PATCH 1/2] Update how_to_deploy_audisp_remote_for_audit_log.mkd
---
 .../how_to_deploy_audisp_remote_for_audit_log.mkd | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/docs/configurations/manual-operation-docs/how_to_deploy_audisp_remote_for_audit_log.mkd b/docs/configurations/manual-operation-docs/how_to_deploy_audisp_remote_for_audit_log.mkd
index ee697cc..448d95f 100644
--- a/docs/configurations/manual-operation-docs/how_to_deploy_audisp_remote_for_audit_log.mkd
+++ b/docs/configurations/manual-operation-docs/how_to_deploy_audisp_remote_for_audit_log.mkd
@@ -45,11 +45,17 @@ etc/audisp/audisp-remote.conf is inconsistent with the MAN document
 queue_error_action.
 ```
 
-If not record logs on local filesystem, Modify /etc/audit/auditd.conf:
+If not record logs on local filesystem, Modify /etc/audit/auditd.conf:
 ```
 write_logs = no
 ```
 
+Set name_format of /etc/audisp/audispd.conf to NUMERIC, in audit.log, the node will record the IP address:
+```
+name_format = NUMERIC
+```
+** Note: The IP address may be 127.0.1.1, please modify it in /etc/hosts. You can use hostname -i to check whether it is the correct address. **
+
 ### Restart service
 Restart auditd service:
 ```
From 8ad11ac333404cedee74323a0d4ec32a4fcb89fd Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Fri, 16 Jul 2021 00:58:37 +0800
Subject: [PATCH 2/2] Fix a bug: If /var/log is a separate partition, check whether /var is a separate partition will be passed.
---
 lib/utils.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/utils.sh b/lib/utils.sh
index 12de7ae..1105daf 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -459,7 +459,7 @@ is_kernel_option_enabled() {
 is_a_partition() {
 local PARTITION=$1
 FNRET=128
- if $(grep "[[:space:]]*${PARTITION}[[:space:]]*" /etc/fstab | grep -vqE "^#"); then
+ if $(grep "[[:space:]]*${PARTITION}[[:space:]].*" /etc/fstab | grep -vqE "^#"); then
 debug "$PARTITION found in fstab"
 FNRET=0
 else
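Review bot: The new pattern in `is_a_partition` is still unanchored on the left, because `[[:space:]]*` can match nothing, so `/var` is also found at the end of any longer path (a mount point such as `/srv/var`, or a device name ending in it) and the check can still report a separate partition that does not exist. `${PARTITION}` is also read as a regular expression rather than a literal path, and `grep -vqE "^#"` only discards comment lines whose `#` is in column one. Comparing the mount-point field exactly avoids all three: `if awk -v p="$PARTITION" '$1 !~ /^#/ && $2 == p { found = 1 } END { exit !found }' /etc/fstab; then`. The body of the function continues past the end of this hunk, so the `else` branch is not visible here.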