Never mind... I found out why it was not working...
1. auparse_next_event() does not call the callback function. I have to call
that function when auparse_next_event() returns.
2. It expects events in string format. I configured the plugin to send
events in binary format. Hence auparse_next_event() was not returning.
3. auparse_next_event() returns only when the parser sees the beginning of
the next event, i.e. the first event is returned after seeing the beginning of
the 2nd event. Is this expected?
--Satish
On Wed, Jul 29, 2015 at 4:36 PM, Satish Chandra Kilaru <iam.kilaru(a)gmail.com> wrote:
Has anyone tried AUSOURCE_DESCRIPTOR with a unix socket as fd?
I am doing the following.
int sd_u = socket(AF_UNIX, SOCK_STREAM, 0);
/* sa is the sockaddr_un of the plugin's unix socket */
if (connect(sd_u, (struct sockaddr *) &sa, sizeof(sa)) != 0)
    return -1;
/* the descriptor is passed as the source argument */
auparse_state_t *au = auparse_init(AUSOURCE_DESCRIPTOR, (const void *)sd_u);
auparse_add_callback(au, auparse_callback, event_cnt, free);
ausearch_next_event(au);
My auparse_callback() is not getting called. My program just blocks in
ausearch_next_event().
read(sd_u, buf, sizeof(buf)) gets me events... That means I am using
correct unix socket.
How do I make the callback function get called for each event?
Am I missing something here?
Thanks in advance.
--Satish
--
Please Donate to
www.wikipedia.org
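Point 3 of the reply above, illustrated with an added example (not code from this thread or from the audit project): text-format audit records that belong to one event share the same msg=audit(timestamp:serial) identifier, so a stream consumer only knows an event is complete once a record with a different serial arrives. The grouper below is a simplified model of that behaviour, not libauparse's own logic; its names and the sample records are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Serial from "msg=audit(<secs>.<ms>:<serial>)"; 0 means "not a text record". */
static unsigned long record_serial(const char *line)
{
    unsigned long secs, ms, serial;
    const char *p = strstr(line, "msg=audit(");
    if (p && sscanf(p, "msg=audit(%lu.%lu:%lu)", &secs, &ms, &serial) == 3)
        return serial;
    return 0;
}

struct grouper {               /* hypothetical helper, not a libauparse type */
    unsigned long cur_serial;  /* serial of the event being collected */
    int cur_records;           /* records collected for it so far */
    int completed;             /* events released to the consumer */
};

/* Feed one record; returns the record count of the event it completed, else 0. */
static int grouper_feed(struct grouper *g, const char *line)
{
    unsigned long s = record_serial(line);
    int done = 0;
    if (s == 0)
        return 0;               /* e.g. binary-format data: nothing to group */
    if (g->cur_records > 0 && s != g->cur_serial) {
        done = g->cur_records;  /* a new serial proves the previous event ended */
        g->completed++;
        g->cur_records = 0;
    }
    g->cur_serial = s;
    g->cur_records++;
    return done;
}

int main(void)
{
    /* Constructed sample records, not captured from a real system. */
    const char *stream[] = {
        "type=SYSCALL msg=audit(1438200000.101:77): arch=c000003e syscall=2 success=yes",
        "type=CWD msg=audit(1438200000.101:77): cwd=\"/tmp\"",
        "type=PATH msg=audit(1438200000.101:77): item=0 name=\"/tmp/x\"",
        "type=SYSCALL msg=audit(1438200003.250:78): arch=c000003e syscall=59 success=yes",
    };
    struct grouper g = {0, 0, 0};
    for (size_t i = 0; i < sizeof(stream) / sizeof(stream[0]); i++)
        printf("record %zu -> released %d\n", i, grouper_feed(&g, stream[i]));
    return 0;
}
```

In this model the last event on an idle stream stays pending until more data arrives, which is why a monitoring consumer should not assume the most recent event has already been delivered.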