Audit Parsing Library Requirements

Michael C Thompson mcthomps at us.ibm.com
Thu Mar 9 17:31:57 UTC 2006


linux-audit-bounces at redhat.com wrote on 03/09/2006 11:08:05 AM:

> On Thursday 09 March 2006 12:03, Debora Velarde wrote:
> > If I want to match on two params (say syscall name and group id) would I
> > call ausearch_set_param twice or pass ausearch_set_param all my parameters
> > in one call?  Can you post how you imagine the call to look like?
> 
> Yes, you would call it twice. I would expect it to take 2 params: name &
> value.
> 
> So you would likely do:
> ausearch_set_param("syscall", "open");
> ausearch_set_param("gid", "500");

Since you are eventually going after Python support, it would be awesome 
if (in Python) you could supply a list of pairs, since making multiple 
calls is not very friendly.

> 
> -Steve