Re: [patch] Syscall auditing - move "name=" field to the end

On Thu, Mar 17, 2005 at 10:30:24AM -0800, Chris Wright wrote: We had this discussion a couple of weeks ago when we were talking about a parseable format for audit records, but I think we didn't reach a consensus back then. I had proposed back then to use backslash escaping for newline, tab, single quotes, and backslashes, and octal escapes for control characters - that's fairly unobtrusive for normal filenames. You could add quotes to the list of escaped characters if the strings are printed as quoted strings. -Klaus void print_escaped_string(FILE *out, const char *txt) { for (;*txt;++txt) { switch(*txt) { case '\n': putc('\\', out); putc('n', out); break; case '\t': putc('\\', out); putc('t', out); break; case '\'': case '\\': putc('\\', out); putc(*txt, out); break; default: if (*txt<32) { fprintf(out, "\\%03o", *txt); } else { putc(*txt, out); } } } }