Realtime parsing with Auparse

Tuesday, 18 November 2014

Hi all,

I am looking to do some real time parsing with audit. After some testing I figured it
would be easier to the parsing in a plugin on the local machine and then send the parsed
data to a remote machine for storage.

After reading the audit-parse.txt document I am not quite sure how to proceed. Given that
the plugin will receive data on stdin, how would I go about setting the auparse library up
(for example, what ausource_t should I specify to initialise the auparse_state_t object)
to enable real time parsing?

Many thanks,

Wouter 		 	   		  

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Realtime parsing with Auparse