auparse_init - Man Page

initialize an instance of the audit parsing library

Synopsis

#include <auparse.h>

auparse_state_t *auparse_init(ausource_t source, const void *b);

Description

auparse_init initializes an instance of the audit parsing library. The function returns an opaque pointer to the parser's internal state. It is used in subsequent calls to the library so. The source variable determines where the library looks for data. Legal values can be:

	AUSOURCE_LOGS - use audit logs
	AUSOURCE_FILE - use a file
	AUSOURCE_FILE_ARRAY - use several files
	AUSOURCE_BUFFER - use a buffer
	AUSOURCE_BUFFER_ARRAY - use an array of buffers
	AUSOURCE_DESCRIPTOR - use a particular descriptor
	AUSOURCE_FILE_POINTER - use a stdio FILE pointer
	AUSOURCE_FEED - feed data to parser with auparse_feed()

The pointer 'b' is used to set the file name, array of filenames, the buffer address, or an array of pointers to buffers, or the descriptor number based on what source is given. When the data source is an array of files or buffers, you would create an array of pointers with the last one being a NULL pointer. Buffers should be NUL terminated.

The data structure returned by auparse_init is not thread-safe. If you need to use it in a multithreaded program, you will need to add locking around any use of the data structure.

Return Value

Returns a NULL pointer if an error occurs; otherwise, the return value is an opaque pointer to the parser's internal state.

See Also

auparse_reset(3), auparse_destroy(3). auparse_feed(3).

Author

Steve Grubb

Referenced By

auparse_destroy(3), auparse_new_buffer(3), auparse_reset(3), auparse_set_eoe_timeout(3).

Jan 2023 Red Hat Linux Audit API