Audit Parsing Library Requirements
Steve Grubb
sgrubb at redhat.com
Mon Mar 13 15:18:11 UTC 2006
On Monday 13 March 2006 09:57, Loulwa Salem wrote:
> On the Side note issue, I am all for that, using a "space" when "_"
> should be just makes for alot of unnecessary parsing exceptions to skip
> those lonely words.
That would actually slow down parsing since I would now have to do lots of
exception processing. It has to be high performance and adding spaces just
makes that harder to achieve.
> Also, many audit records have what seems to me to be random symbols (ex.
> , : ( ' ). If we get rid of those .. that would be great.
The are separators for different kinds of information. Don't worry about any
of these details. auparse library should make it such that you don't worry
about the underlying details.
-Steve
More information about the Linux-audit
mailing list