Audit Parsing Library Requirements
Steve Grubb
sgrubb at redhat.com
Wed Mar 8 15:39:51 UTC 2006
On Wednesday 08 March 2006 07:11, John D. Ramsdell wrote:
> I would like a library interface that allows me to reuse existing
> functionality in ausearch, not just process raw records. Thus, I
> imagined at least two functions being part of the library.
That is why I countered with an iterator interface. Ausearch iterates through
the records and would be easy to adapt it and aureport to such a library
interface.
I have also been thinking about key/value pair as the representation for
exactly the same reason Klaus mentioned. It should be extensible and a
minimal amount of maintenance. Key/value interface should allow Python to
access anything in case it does not understand "C" structures.
I'll take a hack at proposing an API and send it in a little while.
-Steve
More information about the Linux-audit
mailing list