1AUPARSE_FIND_FIELD(3)           Linux Audit API          AUPARSE_FIND_FIELD(3)
2
3
4

NAME

6       auparse_find_field - search for field name
7

SYNOPSIS

9       #include <auparse.h>
10
11       const char *auparse_find_field(auparse_state_t *au, const char *name);
12
13

DESCRIPTION

15       auparse_find_field  will scan all records in an event to find the first
16       occurrence of the field name passed to it. Searching  begins  from  the
17       cursor's  current  position.  The  field  name is stored for subsequent
18       searching.
19
20       NOTE: auparse creates 2 psuedo fields that do not exist in the  natural
21       record for SELinux AVC and USER_AVC decision and permissions. The field
22       names are seresult and seperms respectively.
23
24

RETURN VALUE

26       Returns NULL field not found. If an error occurs  errno  will  be  set.
27       Otherwise,  it  returns a pointer to the text value associated with the
28       field.
29
30

SEE ALSO

32       auparse_first_record(3), auparse_find_field_next(3).
33
34

AUTHOR

36       Steve Grubb
37
38
39
40Red Hat                            June 2021             AUPARSE_FIND_FIELD(3)
Impressum