Audit Parsing Library Requirements

Klaus Weidner klaus at atsec.com
Fri Mar 10 03:38:18 UTC 2006


On Thu, Mar 09, 2006 at 11:31:57AM -0600, Michael C Thompson wrote:
> linux-audit-bounces at redhat.com wrote on 03/09/2006 11:08:05 AM:
> > So you would likely do:
> > ausearch_set_param("syscall", "open");
> > ausearch_set_param("gid", "500");
> 
> Since you are eventually going after Python support, it would be awesome 
> if (in Python) you could supply a list of pairs, since making multiple 
> calls is not very friendly.

The Python map() builtin can already do that for you:

  map(set_param, ("syscall", "gid", "auid"), ("open", 500, 501))

or, if you prefer the list of pairs instead of separate lists:

  map(set_param, *zip(("syscall", "open"), ("gid", 500), ("auid", 501)))

which could of course be wrapped into a set_params() helper function.

As a side note, the high-level interface should be smart enough to take
integers (or general printable objects) instead of insisting on strings.
This wouldn't need to be visible to the low-level interface.

-Klaus
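
The set_params() helper mentioned above, sketched as an added example (not code from the audit library or from this thread). ausearch_set_param here is a hypothetical stand-in for the string-only low-level call, and accepting only integers and strings as values is an assumption. It uses an explicit loop because Python 3's map() is lazy and makes no calls until it is iterated.

```python
# Added example: a set_params() wrapper; not the audit library's own code.
from numbers import Integral

APPLIED = []  # records calls made to the stand-in low-level setter


def ausearch_set_param(name, value):
    """Hypothetical stand-in for the low-level binding: strings only."""
    if not isinstance(name, str) or not isinstance(value, str):
        raise TypeError("low-level interface takes strings only")
    APPLIED.append((name, value))


def _coerce(value):
    """Turn an int or str into the string form the low-level call wants."""
    if isinstance(value, bool) or value is None:
        raise TypeError("unsupported value: %r" % (value,))
    if isinstance(value, Integral):
        return str(int(value))
    if isinstance(value, str) and value.strip():
        return value.strip()
    raise TypeError("unsupported value: %r" % (value,))


def set_params(pairs, setter=ausearch_set_param):
    """Apply a dict or an iterable of (name, value) pairs.

    Every pair is validated and converted before the first low-level call,
    so a bad entry cannot leave the search half-configured.
    """
    items = pairs.items() if hasattr(pairs, "items") else pairs
    prepared = []
    for item in items:
        name, value = item  # raises ValueError if the item is not a pair
        if not isinstance(name, str) or not name:
            raise TypeError("field name must be a non-empty string")
        prepared.append((name, _coerce(value)))
    # Explicit loop: Python 3's map() is lazy and would call nothing here.
    for name, value in prepared:
        setter(name, value)
    return prepared


if __name__ == "__main__":
    print(set_params([("syscall", "open"), ("gid", 500), ("auid", 501)]))
```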