Comment 0 for bug 1478087

bugproxy (bugproxy) wrote : ISST-LTE: aureport -l couldn't print out login info on ubuntu 14.04.3

-- Problem Description --
We installed Ubuntu 14.04.3 on lakelp1 and installed the auditd package. We tried to
ssh to lakelp1 several times and found that "aureport -l" couldn't print out the login
info.

root@lakelp1:~# /etc/init.d/auditd status
 * auditd is running.

root@lakelp1:~# auditctl -e 1
AUDIT_STATUS: enabled=1 flag=1 pid=38784 rate_limit=0 backlog_limit=320 lost=12 backlog=1

root@lakelp1:~# grep -i login /var/log/audit/audit.log
type=LOGIN msg=audit(1437641256.987:67): pid=11752 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=4 res=1
type=LOGIN msg=audit(1437642646.478:85): pid=44269 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=5 res=1
type=LOGIN msg=audit(1437642700.295:90): pid=21504 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=6 res=1
type=LOGIN msg=audit(1437642765.339:104): pid=16628 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=7 res=1
type=LOGIN msg=audit(1437644638.593:130): pid=44443 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=8 res=1

root@lakelp1:~# aureport -l

Login Report
============================================
# date time auid host term exe success event
============================================
<no events of interest were found>

This looks like a bug in aureport or libaudit. In addition to giving admins falsely empty record selections, this would prevent successful completion of a Common Criteria certification.
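
A cross-check for the discrepancy reported above, as an added example (not part of the original bug report and not code from the audit project): it parses type=LOGIN records straight from audit.log text so the count can be compared with what "aureport -l" prints. The function names, the UNSET constant name and the non-LOGIN sample line are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the first two LOGIN records quoted in the report, plus one
# constructed non-LOGIN line to show that other record types are skipped.
SAMPLE = """\
type=LOGIN msg=audit(1437641256.987:67): pid=11752 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=4 res=1
type=LOGIN msg=audit(1437642646.478:85): pid=44269 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=5 res=1
type=SYSCALL msg=audit(1437642646.500:86): pid=44269 uid=0
"""

UNSET = 4294967295  # (uint32)-1, the "not set" value seen in old-auid/old-ses
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)$")

def parse_login_records(text):
    """Return one dict per type=LOGIN record; other types and malformed lines are skipped."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m or m.group(1) != "LOGIN":
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(5).split() if "=" in kv)
        try:
            out.append({
                "time": datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc),
                "event": int(m.group(4)),
                "pid": int(fields["pid"]),
                "auid": int(fields["auid"]),
                "old_auid": int(fields["old-auid"]),
                "ses": int(fields["ses"]),
                "res": int(fields["res"]),
            })
        except (KeyError, ValueError):
            continue  # record lacks an expected field or holds a non-numeric value
    return out

def summarize(records):
    """Count records where a previously unset auid was set successfully (res=1)."""
    new = [r for r in records if r["old_auid"] == UNSET and r["res"] == 1]
    return {"total": len(records), "new_sessions": len(new),
            "sessions": sorted(r["ses"] for r in new)}

if __name__ == "__main__":
    for r in parse_login_records(SAMPLE):
        print(r["time"].isoformat(), "event", r["event"], "auid", r["auid"], "ses", r["ses"], "res", r["res"])
```

A non-zero "total" from the raw log alongside an empty "aureport -l" table is the mismatch this report describes.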