Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

auparse_feed(3) [debian man page]

AUPARSE_FEED(3) 						  Linux Audit API						   AUPARSE_FEED(3)

auparse_feed - feed data into parser SYNOPSIS
#include <auparse.h> int auparse_feed(auparse_state_t *au, const char *data, size_t data_len); au The audit parse state data a buffer of data to feed into the parser, it is data_len bytes long. The data is copied in the parser, upon return the caller may free or reuse the data buffer. data_len number of bytes in data DESCRIPTION
auparse_feed supplies new data for the parser to consume. auparse_init() must have been called with a source type of AUSOURCE_FEED and a NULL pointer. The parser consumes as much data as it can invoking a user supplied callback specified with auparse_add_callback with a cb_event_type of AUPARSE_CB_EVENT_READY each time the parser recognizes a complete event in the data stream. Data not fully parsed will persist and be prepended to the next feed data. After all data has been feed to the parser auparse_flush_feed should be called to signal the end of input data and flush any pending parse data through the parsing system. EXAMPLE
void auparse_callback(auparse_state_t *au, auparse_cb_event_t cb_event_type, void *user_data) { int *event_cnt = (int *)user_data; if (cb_event_type == AUPARSE_CB_EVENT_READY) { if (auparse_first_record(au) <= 0) return; printf("event: %d ", *event_cnt); printf("records:%d ", auparse_get_num_records(au)); do { printf("fields:%d ", auparse_get_num_fields(au)); printf("type=%d ", auparse_get_type(au)); const au_event_t *e = auparse_get_timestamp(au); if (e == NULL) return; printf("event time: %u.%u:%lu ", (unsigned)e->sec, e->milli, e->serial); auparse_first_field(au); do { printf("%s=%s (%s) ", auparse_get_field_name(au), auparse_get_field_str(au), auparse_interpret_field(au)); } while (auparse_next_field(au) > 0); printf(" "); } while(auparse_next_record(au) > 0); (*event_cnt)++; } } main(int argc, char **argv) { char *filename = argv[1]; FILE *fp; char buf[256]; size_t len; int *event_cnt = malloc(sizeof(int)); au = auparse_init(AUSOURCE_FEED, 0); *event_cnt = 1; auparse_add_callback(au, auparse_callback, event_cnt, free); if ((fp = fopen(filename, "r")) == NULL) { fprintf(stderr, "could not open '%s', %s0, filename, strerror(errno)); return 1; } while ((len = fread(buf, 1, sizeof(buf), fp))) { auparse_feed(au, buf, len); } auparse_flush_feed(au); } RETURN VALUE
Returns -1 if an error occurs; otherwise, 0 for success. SEE ALSO
auparse_add_callback(3), auparse_flush_feed(3) AUTHOR
John Dennis Red Hat May 2007 AUPARSE_FEED(3)

Check Out this Related Man Page

PARSE_TIME(3)						   BSD Library Functions Manual 					     PARSE_TIME(3)

parse_time, print_time_table, unparse_time, unparse_time_approx, -- parse and unparse time intervals LIBRARY
The roken library (libroken, -lroken) SYNOPSIS
#include <parse_time.h> int parse_time(const char *timespec, const char *def_unit); void print_time_table(FILE *f); size_t unparse_time(int seconds, char *buf, size_t len); size_t unparse_time_approx(int seconds, char *buf, size_t len); DESCRIPTION
The parse_time() function converts a the period of time specified in into a number of seconds. The timespec can be any number of <number unit> pairs separated by comma and whitespace. The number can be negative. Number without explicit units are taken as being def_unit. The unparse_time() and unparse_time_approx() does the opposite of parse_time(), that is they take a number of seconds and express that as human readable string. unparse_time produces an exact time, while unparse_time_approx restricts the result to only include one units. print_time_table() prints a descriptive list of available units on the passed file descriptor. The possible units include: second, s minute, m hour, h day week seven days month 30 days year 365 days Units names can be arbitrarily abbreviated (as long as they are unique). RETURN VALUES
parse_time() returns the number of seconds that represents the expression in timespec or -1 on error. unparse_time() and unparse_time_approx() return the number of characters written to buf. if the return value is greater than or equal to the len argument, the string was too short and some of the printed characters were discarded. EXAMPLES
#include <stdio.h> #include <parse_time.h> int main(int argc, char **argv) { int i; int result; char buf[128]; print_time_table(stdout); for (i = 1; i < argc; i++) { result = parse_time(argv[i], "second"); if(result == -1) { fprintf(stderr, "%s: parse error ", argv[i]); continue; } printf("-- "); printf("parse_time = %d ", result); unparse_time(result, buf, sizeof(buf)); printf("unparse_time = %s ", buf); unparse_time_approx(result, buf, sizeof(buf)); printf("unparse_time_approx = %s ", buf); } return 0; } $ ./a.out "1 minute 30 seconds" "90 s" "1 y -1 s" 1 year = 365 days 1 month = 30 days 1 week = 7 days 1 day = 24 hours 1 hour = 60 minutes 1 minute = 60 seconds 1 second -- parse_time = 90 unparse_time = 1 minute 30 seconds unparse_time_approx = 1 minute -- parse_time = 90 unparse_time = 1 minute 30 seconds unparse_time_approx = 1 minute -- parse_time = 31535999 unparse_time = 12 months 4 days 23 hours 59 minutes 59 seconds unparse_time_approx = 12 months BUGS
Since parse_time() returns -1 on error there is no way to parse "minus one second". Currently "s" at the end of units is ignored. This is a hack for English plural forms. If these functions are ever localised, this scheme will have to change. HEIMDAL
October 31, 2004 HEIMDAL
Man Page

Featured Tech Videos