Hello,
I found a memory leak problem  when the the ”log_format = NOLOG“ is set in
auditd.conf.
See the code in function "void enqueue_event(struct auditd_reply_list
*rep)" in "/src/auditd-event.c",
If it comes into the case LF_NOLOG, then there is no chance to free the
rep->reply.message because it returns so that the message cannot be
dequeued in function "static void *event_thread_main(void *arg) " to free
it.

The same problem may occurs in case "default:" below the case LF_NOLOG.

When the message type is between AUDIT_FIRST_DAEMON and AUDIT_LAST_DAEMON,
the  rep->reply.message will be malloced in function "int
send_audit_event(int type, const char *str)" in "/src/auditd.c".
So I write a patch below, but I'm not sure whether this is the correct way
to submit a patch because this is my first submmition. So please tell me if
I'm wrong.

--- a/src/auditd-event.c
+++ b/src/auditd-event.c
@@ -172,6 +172,11 @@ void enqueue_event(struct auditd_reply_list *rep)
  case LF_NOLOG:
  // We need the rotate event to get enqueued
  if (rep->reply.type != AUDIT_DAEMON_ROTATE ) {
+ /* Internal DAEMON messages should be free'd */
+ if (rep->reply.type >= AUDIT_FIRST_DAEMON &&
+ rep->reply.type <= AUDIT_LAST_DAEMON) {
+ free((void *)rep->reply.message);
+ }
  free(rep);
  return;
  }
@@ -180,6 +185,11 @@ void enqueue_event(struct auditd_reply_list *rep)
  audit_msg(LOG_ERR,
   "Illegal log format detected %d",
   consumer_data.config->log_format);
+ /* Internal DAEMON messages should be free'd */
+ if (rep->reply.type >= AUDIT_FIRST_DAEMON &&
+ rep->reply.type <= AUDIT_LAST_DAEMON) {
+ free((void *)rep->reply.message);
+ }
  free(rep);
  return;
  }