AUPARSE_NORMALIZE_FUNCTIONS(3)  Linux Audit API  AUPARSE_NORMALIZE_FUNCTIONS(3)

NAME

       auparse_normalize_get_event_kind, auparse_normalize_subject_kind, auparse_normalize_get_action, auparse_normalize_object_kind, auparse_normalize_how, auparse_normalize_session, auparse_normalize_subject_primary, auparse_normalize_subject_secondary, auparse_normalize_subject_first_attribute, auparse_normalize_subject_next_attribute, auparse_normalize_object_primary, auparse_normalize_object_secondary, auparse_normalize_object_primary2, auparse_normalize_object_first_attribute, auparse_normalize_object_next_attribute, auparse_normalize_get_results, auparse_normalize_key - Access normalized fields

SYNOPSIS

       #include <auparse.h>

       Metadata Functions:
       const char *auparse_normalize_get_event_kind(auparse_state_t *au);
       const char *auparse_normalize_subject_kind(auparse_state_t *au);
       const char *auparse_normalize_get_action(auparse_state_t *au);
       const char *auparse_normalize_object_kind(auparse_state_t *au);
       const char *auparse_normalize_how(auparse_state_t *au);

       Positioning Functions:
       int auparse_normalize_session(auparse_state_t *au);
       int auparse_normalize_subject_primary(auparse_state_t *au);
       int auparse_normalize_subject_secondary(auparse_state_t *au);
       int auparse_normalize_subject_first_attribute(auparse_state_t *au);
       int auparse_normalize_subject_next_attribute(auparse_state_t *au);
       int auparse_normalize_object_primary(auparse_state_t *au);
       int auparse_normalize_object_secondary(auparse_state_t *au);
       int auparse_normalize_object_primary2(auparse_state_t *au);
       int auparse_normalize_object_first_attribute(auparse_state_t *au);
       int auparse_normalize_object_next_attribute(auparse_state_t *au);
       int auparse_normalize_get_results(auparse_state_t *au);
       int auparse_normalize_key(auparse_state_t *au);

DESCRIPTION

       After calling the auparse_normalize function, you will probably want to
       access the audit event data. These functions provide access to the
       results of the normalization. There are two kinds of functions: metadata
       and positioning.

       The metadata functions all return a pointer to a string that describes
       something about the event. This data does not live inside the event but
       is kept in lookup tables inside the auparse library.

       The positioning functions are different in that they move the internal
       cursor of auparse to the record and field that contains the information
       you want. You then use field accessor functions to retrieve the values.

RETURN VALUE

       The positioning functions return < 0 on error, 0 if uninitialized, and
       1 on success. The metadata functions return NULL on error and a pointer
       to a string on success.
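
       The return-value handling described above, as an added example (not
       part of the original manual page or of the audit project's code): a
       helper calls one positioning function and then reads the field with
       auparse_interpret_field(3). The names normalized_field, field_text,
       fake_pos and the USE_LIBAUPARSE macro are hypothetical; without that
       macro, constructed stand-ins replace the library calls so the logic
       runs without libauparse.

```c
/* Real library: cc -DUSE_LIBAUPARSE demo.c -lauparse
 * Without the macro, constructed stand-ins replace the library calls. */
#include <stdio.h>
#ifdef USE_LIBAUPARSE
#include <auparse.h>
#define field_text auparse_interpret_field
#else
typedef void auparse_state_t;   /* stand-in for the opaque handle */
static int fake_pos(auparse_state_t *au) { return *(int *)au; }
static const char *field_text(auparse_state_t *au) { (void)au; return "alice"; }
#endif
typedef int (*position_fn)(auparse_state_t *);
/* Call one positioning function, then read the field under the cursor.
 * Returns 1 (value in out), 0 (uninitialized, out = "?"), <0 (error, out = ""). */
int normalized_field(auparse_state_t *au, position_fn pos, char *out, size_t len)
{
    const char *v;
    int rc;
    if (len == 0) return -1;
    out[0] = '\0';
    rc = pos(au);
    if (rc < 0) return rc;          /* error: there is no field to read */
    if (rc == 0) { snprintf(out, len, "?"); return 0; }
    v = field_text(au);             /* cursor now sits on the wanted field */
    if (v == NULL) return -1;
    snprintf(out, len, "%s", v);
    return 1;
}

int main(void)
{
    char who[256] = "", what[256] = "";
#ifdef USE_LIBAUPARSE
    auparse_state_t *au = auparse_init(AUSOURCE_LOGS, NULL);
    if (au == NULL) return 1;
    while (auparse_next_event(au) > 0) {
        if (auparse_normalize(au, NORM_OPT_ALL) != 0) continue;
        const char *act = auparse_normalize_get_action(au); /* NULL on error */
        normalized_field(au, auparse_normalize_subject_primary, who, sizeof who);
        normalized_field(au, auparse_normalize_object_primary, what, sizeof what);
        printf("%s %s %s\n", who, act ? act : "?", what);
    }
    auparse_destroy(au);
#else
    int rc = 1;                     /* constructed return code */
    normalized_field(&rc, fake_pos, who, sizeof who);
    printf("%s%s\n", who, what);
#endif
    return 0;
}
```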

SEE ALSO

       auparse_normalize(3), auparse_get_field_str(3),
       auparse_interpret_field(3).

AUTHOR

       Steve Grubb

Red Hat                           March 2017    AUPARSE_NORMALIZE_FUNCTIONS(3)