AUPARSE_FEED
NAMESYNOPSIS
DESCRIPTION
EXAMPLE
RETURN VALUE
SEE ALSO
AUTHOR
NAME
auparse_feed − feed data into parser
SYNOPSIS
#include <auparse.h>
int auparse_feed(auparse_state_t *au, const char *data, size_t data_len);
|
au |
The audit parse state | ||
|
data |
a buffer of data to feed into the parser, it is data_len bytes long. The data is copied in the parser, upon return the caller may free or reuse the data buffer. |
data_len
number of bytes in data
DESCRIPTION
auparse_feed supplies new data for the parser to consume. auparse_init() must have been called with a source type of AUSOURCE_FEED and a NULL pointer.
The parser consumes as much data as it can invoking a user supplied callback specified with auparse_add_callback with a cb_event_type of AUPARSE_CB_EVENT_READY each time the parser recognizes a complete event in the data stream. Data not fully parsed will persist and be prepended to the next feed data. After all data has been feed to the parser auparse_flush_feed should be called to signal the end of input data and flush any pending parse data through the parsing system.
EXAMPLE
void
auparse_callback(auparse_state_t *au, auparse_cb_event_t
cb_event_type,
void *user_data)
{
int *event_cnt = (int *)user_data;
if
(cb_event_type == AUPARSE_CB_EVENT_READY) {
if (auparse_first_record(au) <= 0) return;
printf("event: %d\n", *event_cnt);
printf("records:%d\n",
auparse_get_num_records(au));
do {
printf("fields:%d\n", auparse_get_num_fields(au));
printf("type=%d ", auparse_get_type(au));
const au_event_t *e = auparse_get_timestamp(au);
if (e == NULL) return;
printf("event time: %u.%u:%lu\n",
(unsigned)e->sec, e->milli, e->serial);
auparse_first_field(au);
do {
printf("%s=%s (%s)\n", auparse_get_field_name(au),
auparse_get_field_str(au),
auparse_interpret_field(au));
} while (auparse_next_field(au) > 0);
printf("\n");
}
while(auparse_next_record(au) > 0);
(*event_cnt)++;
}
}
main(int argc,
char **argv)
{
char *filename = argv[1];
FILE *fp;
char buf[256];
size_t len;
int *event_cnt = malloc(sizeof(int));
au = auparse_init(AUSOURCE_FEED, 0);
*event_cnt = 1;
auparse_add_callback(au, auparse_callback, event_cnt,
free);
if ((fp =
fopen(filename, "r")) == NULL) {
fprintf(stderr, "could not open ’%s’, %s0,
filename, strerror(errno));
return 1;
}
while ((len =
fread(buf, 1, sizeof(buf), fp))) {
auparse_feed(au, buf, len);
}
auparse_flush_feed(au);
}
RETURN VALUE
Returns -1 if an error occurs; otherwise, 0 for success.
SEE ALSO
auparse_add_callback(3), auparse_flush_feed(3)
AUTHOR
John Dennis
More Linux Commands
manpages/rdjpgcom.1.html
rdjpgcom(1) - display text comments from a JPEG file........
rdjpgcom reads the named JPEG/JFIF file, or the standard input if no file is named, and prints any text comments found in the file on the standard output. The J
manpages/overlay.3ncurses.html
overlay(3ncurses) - overlay and manipulate overlapped curses
overlay.3ncurses - The overlay and overwrite routines overlay srcwin on top of dstwin. scrwin and dstwin are not required to be the same size; only text where t
manpages/pam_putenv.3.html
pam_putenv(3) - set or change PAM environment variable......
The pam_putenv function is used to add or change the value of PAM environment variables as associated with the pamh handle. The pamh argument is an authenticati
manpages/intel_reg_read.1.html
intel_reg_read(1) - Reads an Intel GPU register value.......
intel_reg_read is a tool to read Intel GPU registers, for use in debugging. The register argument is given as hexadecimal. EXAMPLES intel_reg_read 0x61230 Shows
manpages/cos.3.html
cos(3) - cosine function (Library - Linux man page).........
The cos() function returns the cosine of x, where x is given in radians. RETURN VALUE On success, these functions return the cosine of x. If x is a NaN, a NaN i
manpages/sasl_encodev.3.html
sasl_encodev(3) - Encode data for transport to authenticated
sasl_encode encodes data to be sent to be sent to a remote host who weve had a successful authentication session with. If there is a negotiated security the dat
manpages/smb.conf.5.html
smb.conf(5) - The configuration file for the Samba suite....
implementation was found at compilation time. It will only be used if DMAPI is found to enabled on the system at run time. Default: dmapi support = no dont desc
manpages/fgetpos.3.html
fgetpos(3) - reposition a stream (Library - Linux man page)
fgetpos.3 - The fseek() function sets the file position indicator for the stream pointed to by stream. The new position, measured in bytes, is obtained by addin
manpages/gv.3php.html
gv.3php (Manual - Linux man page)..........................
gv_php is a dynamically loaded extension for php that provides access to the graph facilities of graphviz. COMMANDS New graphs New empty graph graph_handle gv::
manpages/FontCacheQueryExtension.3.html
FontCacheQueryExtension(3) - X-TrueType font cache extension
FontCache is an extension that is used by X-TrueType to cache informations about fonts. FontCacheQueryExtension returns True if the FontCache extension is avail
manpages/page.3form.html
page(3form) - set and get form page number - Linux man page
page.3form - The function set_current field sets the current field of the given form; current_field returns the current field of the given form. The function se
manpages/ModPerl::BuildMM.3pm.html
ModPerl::BuildMM(3pm) - A "subclass" of ModPerl::MM used for
ModPerl::BuildMM is a subclass of ModPerl::MM used for building mod_perl 2.0. Refer to ModPerl::MM manpage. OVERRIDEN METHODS ModPerl::BuildMM overrides the fol
