1AUPARSE_INIT(3)                 Linux Audit API                AUPARSE_INIT(3)
2
3
4

NAME

6       auparse_init - initialize an instance of the audit parsing library
7

SYNOPSIS

9       #include <auparse.h>
10
11       auparse_state_t *auparse_init(ausource_t source, const void *b);
12
13

DESCRIPTION

15       auparse_init  initializes an instance of the audit parsing library. The
16       function returns an opaque pointer to the parser's internal  state.  It
17       is  used  in  subsequent  calls  to the library so. The source variable
18       determines where the library looks for data. Legal values can be:
19
20            AUSOURCE_LOGS - use audit logs
21            AUSOURCE_FILE - use a file
22            AUSOURCE_FILE_ARRAY - use several files
23            AUSOURCE_BUFFER - use a buffer
24            AUSOURCE_BUFFER_ARRAY - use an array of buffers
25            AUSOURCE_DESCRIPTOR - use a particular descriptor
26            AUSOURCE_FILE_POINTER - use a stdio FILE pointer
27            AUSOURCE_FEED - feed data to parser with auparse_feed()
28
29       The pointer 'b' is used to set the file name, array of  filenames,  the
30       buffer  address,  or an array of pointers to buffers, or the descriptor
31       number based on what source is given. When the data source is an  array
32       of  files  or  buffers,  you would create an array of pointers with the
33       last one being a NULL pointer. Buffers should be NUL terminated.
34
35

RETURN VALUE

37       Returns a NULL pointer if an error occurs; otherwise, the return  value
38       is an aopaque pointer to the parser's internal state.
39
40

SEE ALSO

42       auparse_reset(3), auparse_destroy(3).  auparse_feed(3).
43
44

AUTHOR

46       Steve Grubb
47
48
49
50Red Hat                            Feb 2007                    AUPARSE_INIT(3)
Impressum