Audit Parsing Library Requirements
Debora Velarde
dvelarde at us.ibm.com
Fri Mar 10 23:51:08 UTC 2006
> > 2. Will the user have to extract the values of 'user' and 'exe' from
the
> > entire value of 'msg' themselves?
>
> No. look at the example code. You would do
>
> if (auparse_find_field(au, "user") {
> const char *str = auparse_get_field_str(au);
> do-whatever(str);
> }
>
> > Or can the API return the values for those individually?
>
> Yes.
>
> -Steve
OK Great. I just wasn't sure since 'user' and 'exe' are within the 'msg'
string.
More information about the Linux-audit
mailing list