From 6d4e4f5131303a0f179478985184165dd223f272 Mon Sep 17 00:00:00 2001
From: Jason Tedor <jason@tedor.me>
Date: Tue, 13 Sep 2016 17:41:53 -0400
Subject: [PATCH] Fix failing logging audit tests

This commit fixes the logging audit tests which were broken due to an
upstream change in core Elasticsearch relating to the fact that prefixes
are no longer considered part of the log message, but are instead
implemented via markers.

Original commit: elastic/x-pack-elasticsearch@abd7ec23d8c9fd7bd636bdfc727f797e4cfe7d03
---
 .../xpack/security/audit/logfile/CapturingLogger.java           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java
index 8cdf5207366..112f405d27b 100644
--- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java
@@ -57,7 +57,7 @@ public class CapturingLogger {
         public final List<String> trace = new ArrayList<>();
 
         private MockAppender(final String name) throws IllegalAccessException {
-            super(name, RegexFilter.createFilter(".*(\n.*)*", new String[0], true, null, null), null);
+            super(name, RegexFilter.createFilter(".*(\n.*)*", new String[0], false, null, null), null);
         }
 
         @Override