linux-audit-bounces@redhat.com wrote on 03/09/2006 11:08:05 AM:

> On Thursday 09 March 2006 12:03, Debora Velarde wrote:
> > If I want to match on two params (say syscall name and group id) would I
> > call ausearch_set_param twice or pass ausearch_set_param all my parameters
> > in one call?  Can you post how you imagine the call to look like?
>
> Yes, you would call it twice. I would expect it to take 2 params: name &
> value.
>
> So you would likely do:
> ausearch_set_param("syscall", "open");
> ausearch_set_param("gid", "500");

Since you are eventually going after Python support, it would be awesome if (in Pyhton) you could supply a list of pairs, since making multiple calls is not very friendly.

>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit