ausearch_add_interpreted_item man page on Mandriva

AUSEARCH_ADD_INTERPRETED_ITEM(3)   Linux Audit API   AUSEARCH_ADD_INTERPRETED_ITEM(3)

NAME
       ausearch_add_interpreted_item - build up search rule

SYNOPSIS
       #include <auparse.h>

       int ausearch_add_interpreted_item(auparse_state_t *au, const char *field,
                                         const char *op, const char *value,
                                         ausearch_rule_t how);

DESCRIPTION
       ausearch_add_interpreted_item adds one search condition to the current
       audit search expression. The search conditions can then be used to scan
       logs, files, or buffers for something of interest. The field parameter
       is the name of the field whose value will be checked. The op parameter
       describes what kind of check is to be done. Legal op values are:

	      exists
		     just check that a field name exists

	      =
		     locate the field name and check that the value associated
		     with it is equal to the value given in this rule.

	      !=
		     locate the field name and check that the value associated
		     with it is NOT equal to the value given in this rule.

       The  value  parameter  is  compared to the interpreted field value (the
       value that would be returned by auparse_interpret_field(3)).

       The how value determines how this search condition will affect the
       existing search expression if one is already defined. The possible
       values are:

	      AUSEARCH_RULE_CLEAR
		     Clear the current search expression, if any, and use only
		     this search condition.

	      AUSEARCH_RULE_OR
		     If	 a  search expression E is already configured, replace
		     it by (E || this_search_condition).

	      AUSEARCH_RULE_AND
		     If a search expression E is already  configured,  replace
		     it by (E && this_search_condition).
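
The how values combine conditions strictly in the order they are added, so the same three conditions can produce different expressions. The following self-contained C model is an added example, not libauparse code and not part of the original page; its types, the match() function and the sample record are hypothetical and constructed, and treating an absent field as a non-match is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical model types; they mirror the page's "how" values, not libauparse's. */
typedef enum { RULE_CLEAR, RULE_OR, RULE_AND } how_t;
typedef struct { const char *name, *val; } field_t;   /* interpreted field */
typedef struct { const char *field, *op, *value; how_t how; } cond_t;

/* Interpreted value of a field, or NULL when the record lacks it. */
static const char *lookup(const field_t *rec, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(rec[i].name, name) == 0) return rec[i].val;
    return NULL;
}

/* One condition with op "exists", "=" or "!=". */
static int eval_cond(const cond_t *c, const field_t *rec, size_t n) {
    const char *v = lookup(rec, n, c->field);
    if (strcmp(c->op, "exists") == 0) return v != NULL;
    if (v == NULL) return 0;  /* model assumption: absent field never matches */
    int eq = strcmp(v, c->value) == 0;
    return strcmp(c->op, "=") == 0 ? eq : !eq;
}

/* Fold conditions in the order added: E becomes (E || c) or (E && c). */
int match(const cond_t *conds, size_t nc, const field_t *rec, size_t n) {
    int e = 0, have = 0;
    for (size_t i = 0; i < nc; i++) {
        int c = eval_cond(&conds[i], rec, n);
        if (!have || conds[i].how == RULE_CLEAR) { e = c; have = 1; }
        else if (conds[i].how == RULE_OR) e = e || c;
        else e = e && c;
    }
    return e;
}

/* Constructed record: usermod run with login uid "root" (interpreted, not "0"). */
static const field_t rec[] = { {"exe", "/usr/sbin/usermod"}, {"auid", "root"} };
static const cond_t or_then_and[] = {             /* (A || B) && C */
    {"exe", "=", "/usr/bin/passwd", RULE_CLEAR},
    {"exe", "=", "/usr/sbin/usermod", RULE_OR},
    {"auid", "!=", "root", RULE_AND} };
static const cond_t and_then_or[] = {             /* (A && C) || B */
    {"exe", "=", "/usr/bin/passwd", RULE_CLEAR},
    {"auid", "!=", "root", RULE_AND},
    {"exe", "=", "/usr/sbin/usermod", RULE_OR} };
int main(void) {
    printf("(A||B)&&C: %d\n", match(or_then_and, 3, rec, 2));
    printf("(A&&C)||B: %d\n", match(and_then_or, 3, rec, 2));
    return 0;
}
```

The first ordering excludes the root-initiated usermod event while the second still matches it, so the order of calls is part of the search rule.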

RETURN VALUE
       Returns -1 if an error occurs; otherwise, 0 for success.

SEE ALSO
       ausearch_add_expression(3), ausearch_add_item(3),
       ausearch_add_timestamp_item(3), ausearch_add_regex(3),
       ausearch_set_stop(3), ausearch_clear(3), ausearch_next_event(3),
       ausearch-expression(5).

AUTHOR
       Steve Grubb

Red Hat				   Nov 2007   AUSEARCH_ADD_INTERPRETED_ITEM(3)