auparse with AUSOURCE_DESCRIPTOR
Satish Chandra Kilaru
iam.kilaru at gmail.com
Wed Jul 29 20:36:27 UTC 2015
Has anyone tried AUSOURCE_DESCRIPTOR with a unix socket as fd?
I am doing the following.
int sd_u = socket(AF_UNIX, SOCK_STREAM, 0);
connect(sd_u, (struct sockaddr *) &sa, sizeof(sa))!=0)
auparse_state_t *au = auparse_init(AUSOURCE_DESCRIPTOR, (const void *)sd_u);
auparse_add_callback(au, auparse_callback, event_cnt, free);
ausearch_next_event(au);
My auparse_callback() is not getting called. My program just blocks in
ausearch_next_event().
read(sd_u, buf, sizeof(buf)) gets me events... That means I am using
correct unix socket.
How do I make the callback function to get called for each event?
Am I missing something here?
Thanks in advance.
--Satish
--
Please Donate to www.wikipedia.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20150729/07f5b749/attachment.htm>
More information about the Linux-audit
mailing list