centos man page for auparse_feed

Query: auparse_feed

OS: centos

Section: 3

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

AUPARSE_FEED(3) 						  Linux Audit API						   AUPARSE_FEED(3)

NAME
auparse_feed - feed data into parser
SYNOPSIS
#include <auparse.h> int auparse_feed(auparse_state_t *au, const char *data, size_t data_len); au The audit parse state data a buffer of data to feed into the parser, it is data_len bytes long. The data is copied in the parser, upon return the caller may free or reuse the data buffer. data_len number of bytes in data
DESCRIPTION
auparse_feed supplies new data for the parser to consume. auparse_init() must have been called with a source type of AUSOURCE_FEED and a NULL pointer. The parser consumes as much data as it can invoking a user supplied callback specified with auparse_add_callback with a cb_event_type of AUPARSE_CB_EVENT_READY each time the parser recognizes a complete event in the data stream. Data not fully parsed will persist and be prepended to the next feed data. After all data has been feed to the parser auparse_flush_feed should be called to signal the end of input data and flush any pending parse data through the parsing system.
EXAMPLE
void auparse_callback(auparse_state_t *au, auparse_cb_event_t cb_event_type, void *user_data) { int *event_cnt = (int *)user_data; if (cb_event_type == AUPARSE_CB_EVENT_READY) { if (auparse_first_record(au) <= 0) return; printf("event: %d ", *event_cnt); printf("records:%d ", auparse_get_num_records(au)); do { printf("fields:%d ", auparse_get_num_fields(au)); printf("type=%d ", auparse_get_type(au)); const au_event_t *e = auparse_get_timestamp(au); if (e == NULL) return; printf("event time: %u.%u:%lu ", (unsigned)e->sec, e->milli, e->serial); auparse_first_field(au); do { printf("%s=%s (%s) ", auparse_get_field_name(au), auparse_get_field_str(au), auparse_interpret_field(au)); } while (auparse_next_field(au) > 0); printf(" "); } while(auparse_next_record(au) > 0); (*event_cnt)++; } } main(int argc, char **argv) { char *filename = argv[1]; FILE *fp; char buf[256]; size_t len; int *event_cnt = malloc(sizeof(int)); au = auparse_init(AUSOURCE_FEED, 0); *event_cnt = 1; auparse_add_callback(au, auparse_callback, event_cnt, free); if ((fp = fopen(filename, "r")) == NULL) { fprintf(stderr, "could not open '%s', %s ", filename, strerror(errno)); return 1; } while ((len = fread(buf, 1, sizeof(buf), fp))) { auparse_feed(au, buf, len); } auparse_flush_feed(au); }
RETURN VALUE
Returns -1 if an error occurs; otherwise, 0 for success.
SEE ALSO
auparse_add_callback(3), auparse_flush_feed(3), auparse_feed_has_data(3)
AUTHOR
John Dennis Red Hat May 2007 AUPARSE_FEED(3)
Related Man Pages
auparse_feed(3) - debian
gfs_pio_gets(3) - debian
iv_examples(3) - debian
auparse_feed(3) - suse
sha224_data(3) - netbsd
Similar Topics in the Unix Linux Community
Weird 'find' results
Best performance UNIX just for HOST Virtualization?
DB2 convert digits to binary format
CentOS7 restoring file capabilities
Docker learning Phase-I