1AUPARSE_INIT(3) Linux Audit API AUPARSE_INIT(3)
2
3
4
6 auparse_init - initialize an instance of the audit parsing library
7
9 #include <auparse.h>
10
11 auparse_state_t *auparse_init(ausource_t source, const void *b);
12
13
15 auparse_init initializes an instance of the audit parsing library. The
16 function returns an opaque pointer to the parser's internal state. It
17 is used in subsequent calls to the library so. The source variable
18 determines where the library looks for data. Legal values can be:
19
20 AUSOURCE_LOGS - use audit logs
21 AUSOURCE_FILE - use a file
22 AUSOURCE_FILE_ARRAY - use several files
23 AUSOURCE_BUFFER - use a buffer
24 AUSOURCE_BUFFER_ARRAY - use an array of buffers
25 AUSOURCE_DESCRIPTOR - use a particular descriptor
26 AUSOURCE_FILE_POINTER - use a stdio FILE pointer
27 AUSOURCE_FEED - feed data to parser with auparse_feed()
28
29 The pointer 'b' is used to set the file name, array of filenames, the
30 buffer address, or an array of pointers to buffers, or the descriptor
31 number based on what source is given. When the data source is an array
32 of files or buffers, you would create an array of pointers with the
33 last one being a NULL pointer. Buffers should be NUL terminated.
34
35
37 Returns a NULL pointer if an error occurs; otherwise, the return value
38 is an aopaque pointer to the parser's internal state.
39
40
42 auparse_reset(3), auparse_destroy(3). auparse_feed(3).
43
44
46 Steve Grubb
47
48
49
50Red Hat Feb 2007 AUPARSE_INIT(3)