ausearch_cur_event - Man Page

check if the current event meets search criteria

Synopsis

#include <auparse.h>

int ausearch_cur_event(auparse_state_t *au);

Description

ausearch_cur_event will scan the input source and evaluate whether any record in the current event contains the data being searched for. Evaluation is done at the record level. If a match is found, the cursor is repositioned; otherwise, it remains on the last successfully parsed record within the current event.

Return Value

Returns -1 if an error occurs, 0 if there are no matches, and 1 for success.

See Also

ausearch_add_item(3), ausearch_add_regex(3), ausearch_next_event(3), ausearch_set_stop(3).

Author

Attila Lakatos

Referenced By

ausearch_add_expression(3), ausearch_add_interpreted_item(3), ausearch_add_item(3), ausearch_add_regex(3), ausearch_add_timestamp_item(3), ausearch_add_timestamp_item_ex(3), ausearch_set_stop(3).

Feb 2024 Red Hat Linux Audit API