Audit Parsing Library Requirements

[Debora Velarde]

> > 2. Will the user have to extract the values of 'user' and 'exe' from 
the
> > entire value of 'msg' themselves? 
> 
> No. look at the example code. You would do
> 
> if (auparse_find_field(au, "user") {
>    const char *str = auparse_get_field_str(au);
>    do-whatever(str);
> }
> 
> > Or can the API return the values for those individually?
> 
> Yes.
> 
> -Steve
OK Great.  I just wasn't sure since 'user' and 'exe' are within the 'msg' 
string.