diff -urp audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c
--- audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c 2008-04-07 16:57:12.000000000 -0400
+++ audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c 2008-04-18 10:18:46.000000000 -0400
@@ -228,7 +228,8 @@ int main(int argc, char *argv[])
 return -1;
 }
- syslog(LOG_INFO, "audisp-prelude is ready for events");
+ if (mode != M_TEST)
+ syslog(LOG_INFO, "audisp-prelude is ready for events");
 do {
 /* Load configuration */
 if (hup) {
@@ -248,9 +249,10 @@ int main(int argc, char *argv[])
 /* Flush any accumulated events from queue */
 auparse_flush_feed(au);
- syslog(LOG_INFO, "audisp-prelude is exiting on stop request");
 if (mode == M_TEST)
 puts("audisp-prelude is exiting on stop request");
+ else
+ syslog(LOG_INFO, "audisp-prelude is exiting on stop request");
 /* Cleanup subsystems */
 if (client)
@@ -1811,7 +1811,7 @@ static void handle_event(auparse_state_t
 rc = 0;
 switch (type) {
 case AUDIT_AVC:
- case AUDIT_USER_AVC:
+// case AUDIT_USER_AVC:
 if (config.avcs == E_NO)
 break;
 if (config.avcs_act != A_IDMEF)
diff -urp audit-1.7.2.orig/auparse/auparse.c audit-1.7.2/auparse/auparse.c
--- audit-1.7.2.orig/auparse/auparse.c 2008-04-08 12:37:09.000000000 -0400
+++ audit-1.7.2/auparse/auparse.c 2008-04-18 10:43:49.000000000 -0400
@@ -1130,6 +1130,7 @@ int auparse_first_record(auparse_state_t
 return rc;
 }
 aup_list_first(&au->le);
+ aup_list_first_field(&au->le);
 return 1;
 }
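Review bot: Commenting out `case AUDIT_USER_AVC:` in handle_event leaves dead code and records no reason why user-space AVC messages should stop being handled on the AVC path; after this change they fall to whatever branch the rest of the switch (outside the hunk) provides, which presumably means no IDMEF alert is produced for them. Because this narrows what the plugin forwards to Prelude, the intent belongs in the code rather than in a commented-out label: delete the line and put `/* AUDIT_USER_AVC is deliberately not reported on the AVC path: <reason> */` above `case AUDIT_AVC:`, with the actual reason filled in. handle_event starts and ends outside the hunk, so whether a default branch covers the type cannot be confirmed from here.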
@@ -1236,7 +1237,22 @@ const char *auparse_find_field(auparse_s
 {
 free(au->find_field);
 au->find_field = strdup(name);
- return auparse_find_field_next(au);
+
+ if (au->le.e.sec) {
+ const char *cur_name;
+ rnode *r;
+
+ // look at current record before moving
+ r = aup_list_get_cur(&au->le);
+ if (r == NULL)
+ return NULL;
+ cur_name = nvlist_get_cur_name(&r->nv);
+ if (cur_name && strcmp(cur_name, name) == 0)
+ return nvlist_get_cur_val(&r->nv);
+
+ return auparse_find_field_next(au);
+ }
+ return NULL;
 }
 /* Increment 1 location and then scan for next field */
@@ -1258,6 +1274,8 @@ const char *auparse_find_field_next(aupa
 if (nvlist_find_name(&r->nv, au->find_field))
 return nvlist_get_cur_val(&r->nv);
 r = aup_list_next(&au->le);
+ if (r)
+ aup_list_first_field(&au->le);
 }
 }
 return NULL;
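Review bot: The new block in auparse_find_field changes the function's contract — it now returns the field under the cursor when its name already matches and only otherwise scans forward, and it returns NULL outright when `au->le.e.sec` is zero — but nothing in the hunk documents this, and the `au->le.e.sec` test reads as "an event is loaded" only by inference. A header comment such as `/* Find a field named name, checking the current field of the current record first and then scanning forward; returns NULL when no event is loaded or the name is not found */` would pin it down. Separately, the new code runs straight after `au->find_field = strdup(name);`, whose result is still unchecked, so on allocation failure the fall-through call to auparse_find_field_next passes a NULL name into nvlist_find_name; `if (au->find_field == NULL) return NULL;` placed before the new block would close that. The function's signature is only in the hunk header; its closing brace is inside the hunk.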
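Review bot: The added `if (r) aup_list_first_field(&au->le);` after `aup_list_next` resets the field cursor to the start of the next record before the loop calls `nvlist_find_name` again, which is the right intent, but whether that scan includes the cursor's own position is not visible here — the comment above the function says "Increment 1 location and then scan", and if nvlist_find_name starts one past the cursor, the first field of every subsequent record would be skipped. Worth confirming against nvlist_find_name, and a one-line comment on the new lines, `/* new record: restart the field scan from its first field */`, would make the intent explicit. auparse_find_field_next begins outside the hunk; its closing brace is inside it.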