audit log is including unexpected TRACE event log.
TRACE event is recorded in audit log without trace in audit mode at any user.

 for example:
 -------------------------------

# seaduit -tr -sd today
...
 06 Feb 2020 13:36:12 P TRACE        root         5e3b771b:00000108 root root         FILE         /var/empty/sshd   62  FILE    > Result: 'P' [stage=62 gstag=62 ACEEH=2    rv=0(/var/empty/sshd)]
            Why?   UACC check for Class of unprotected resource
 06 Feb 2020 13:36:12 P TRACE        root         5e3b771b:00000108 root root         SETGID       GROUP.sshd    996  SGID    > P=425   U=0    (RG=0EG=0    SG=0   ) to (RG=74   EG=74   SG=74  ) (For Login ) BYPASS
 06 Feb 2020 13:36:12 P TRACE        root         5e3b771b:00000108 root root         SETUID       USER.74       996  SUID    > P=425   U=0    (R=0 E=0    S=0   ) to (R=74   E=74   S=74  ) (For Login ) BYPASS
 ...
 -------------------------------

 

Release : 14.1

Component : PAM SERVER CONTROL ENDPOINT UNIX/LINUX