Audit Parsing Library Requirements
Kevin Carr
kcarr at tresys.com
Mon Mar 13 17:34:52 UTC 2006
> I think the answer is Yes. Each state would be a search or iteration instance.
> They could be searching different files or have different search parameters.
> I think the analogy that was used previously was to think of them as "FILE *".
> Using that analogy, a program can have multiple FILE *, each unique since
> they have their own fopen call which initializes the resources and state.
> auparse_init would be equivalent to fopen in this analogy.
It seems that the naming is a bit confusing then. Should it be
ausearch_state_t instead of auparse_state_t, as it is setting information
related to the search? It also makes sense because ausearch_set_param()
should be setting information on an ausearch_state_t. This seems more in line
with the Ground Rules we specified.
Kevin Carr
Tresys Technology
410.290.1411 x137