linux-audit-bounces(a)redhat.com wrote on 03/09/2006 11:08:05 AM:
On Thursday 09 March 2006 12:03, Debora Velarde wrote:
> If I want to match on two params (say syscall name and group id) would I
> call ausearch_set_param twice or pass ausearch_set_param all my parameters
> in one call? Can you post how you imagine the call to look like?
Yes, you would call it twice. I would expect it to take 2 params: name & value.
So you would likely do:
ausearch_set_param("syscall", "open");
ausearch_set_param("gid", "500");
Since you are eventually going after Python support, it would be awesome
if (in Python) you could supply a list of pairs, since making multiple
calls is not very friendly.
-Steve
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit