Audit Parsing Library Requirements

Steve Grubb sgrubb at redhat.com
Mon Mar 13 23:01:42 UTC 2006


On Monday 13 March 2006 17:51, Kevin Carr wrote:
> How do you imagine this fitting in to the API?  Can we work this in somehow?

Call auparse_get_timestamp() on the last record to get all the event 
information. Use that as the start position in the next search. That would be 
set like

    ausearch_set_param(au, "start_time", "=", "3/13/2006 17:57:00",
                       AUSEARCH_STOP_EVENT);

Then call auparse_get_timestamp() and compare them. If equal, go to the next 
event, like with auparse_next_event(). I am adding the event timestamp 
comparison function to the spec since I already have it in ausearch.

-Steve
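
The resume-and-compare step described above, as an added example that is not part of the original post or the audit project's code: it parses the `msg=audit(sec.milli:serial)` header of raw records, orders events on that triple, and skips everything at or before the saved position. The names `ev_ts`, `parse_ts`, `ts_compare`, `resume_after` and the sample records are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Event identity from the record header: msg=audit(sec.milli:serial). */
typedef struct { long sec; unsigned milli; unsigned long serial; } ev_ts;

/* Constructed sample records; the first two belong to one event. */
static const char *SAMPLE[] = {
    "type=SYSCALL msg=audit(1142290620.123:456): syscall=5 success=yes",
    "type=PATH msg=audit(1142290620.123:456): name=\"/etc/shadow\"",
    "type=SYSCALL msg=audit(1142290620.123:457): syscall=5 success=no",
    "type=USER_LOGIN msg=audit(1142290621.004:458): res=failed",
};

/* Extract the timestamp from one raw record; 0 on success, -1 if absent. */
int parse_ts(const char *rec, ev_ts *out) {
    const char *p = strstr(rec, "msg=audit(");
    if (!p) return -1;
    return sscanf(p, "msg=audit(%ld.%u:%lu", &out->sec, &out->milli,
                  &out->serial) == 3 ? 0 : -1;
}

/* strcmp-style ordering on (sec, milli, serial). */
int ts_compare(const ev_ts *a, const ev_ts *b) {
    if (a->sec != b->sec) return a->sec < b->sec ? -1 : 1;
    if (a->milli != b->milli) return a->milli < b->milli ? -1 : 1;
    if (a->serial != b->serial) return a->serial < b->serial ? -1 : 1;
    return 0;
}

/* Count events newer than *last and advance *last to the newest one.
 * Records at or before *last were handled by the previous search. */
int resume_after(const char **recs, int n, ev_ts *last) {
    int fresh = 0;
    for (int i = 0; i < n; i++) {
        ev_ts cur;
        if (parse_ts(recs[i], &cur) != 0) continue; /* malformed record */
        if (ts_compare(&cur, last) <= 0) continue;  /* already processed */
        *last = cur;
        fresh++;
    }
    return fresh;
}

int main(void) {
    ev_ts last = {1142290620, 123, 456}; /* saved from the previous run */
    printf("%d new events\n", resume_after(SAMPLE, 4, &last));
    return 0;
}
```

Comparing on the full triple matters because a search restarted at a whole-second start time returns the already-processed event again, and several records of one event carry the same timestamp.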



