hostname translated to numbers in v0.6.0

[RomainPisters]

auditd version: audit-3.0.7-104.el9.x86_64
laurel version: v0.6.0
os version: rocky linux 9.3

I've set name_format to hostname in auditd.conf and I can see my hostname 'purpleteam-rocky' is added to the auditd logs. When I checked laurel instead of the hostname I found the 'NODE' key to contain 16 digits instead of my hostname (which is also 16 characters).

I've tried running laurel v0.5.6 instead of v0.6.0 and it works for that version so it appears that something was changed in the latest release.

Here's a snippet when running laurel v0.5.6:

{
  "ID": "1710510174.216:12513",
  "NODE": "purpleteam-rocky",
  <snip>
}

And this is v0.6.0:

{
  "ID": "1710510304.527:15813",
  "NODE": [112,117,114,112,108,101,116,101,97,109,45,114,111,99,107,121],
  <snip>
}

And for reference a snippet of the actual auditd log:

[root@purpleteam-rocky ~]# tail -n 2 /var/log/audit/audit.log
node=purpleteam-rocky type=PATH msg=audit(1710510768.580:15936): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=1506 dev=103:05 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
node=purpleteam-rocky type=PROCTITLE msg=audit(1710510768.580:15936): proctitle=7461696C002D6E0032002F7661722F6C6F672F61756469742F61756469742E6C6F67

I've tried doing the translating in laurel instead of using 'log_format = ENRICHED' but that doesn't make any difference.

[hillu]

Good catch! I suppose this warrants a bugfix release.