Realtime parsing with Auparse

Wouter van Verre woutervanverre at outlook.com
Tue Nov 18 13:37:38 UTC 2014


Hi all,

I am looking to do some real time parsing with audit. After some testing I figured it would be easier to do the parsing in a plugin on the local machine and then send the parsed data to a remote machine for storage.

After reading the audit-parse.txt document I am not quite sure how to proceed. Given that the plugin will receive data on stdin, how would I go about setting the auparse library up (for example, what ausource_t should I specify to initialise the auparse_state_t object) to enable real time parsing?


Many thanks,

Wouter
More information about the Linux-audit mailing list