AUPARSE_GET_FIELD_TYPE(3) Linux Audit API AUPARSE_GET_FIELD_TYPE(3)NAME
auparse_get_field_type - get current field's data type
SYNOPSIS
#include <auparse.h>
int auparse_get_field_type(auparse_state_t *au);
DESCRIPTION
auparse_get_field_type returns a value from the auparse_type_t enum that describes the kind of data in the current field of the current
record in the current event.
RETURN VALUE
Returns AUPARSE_TYPE_UNCLASSIFIED if the field's data type has no known description or is an integer. Otherwise it returns another enum.
Fields with the type AUPARSE_TYPE_ESCAPED must be interpretted to access their value since those field's raw value is encoded.
SEE ALSO auparse_get_field_name(3).
AUTHOR
Steve Grubb
Red Hat Sept 2008 AUPARSE_GET_FIELD_TYPE(3)
Check Out this Related Man Page
AUSEARCH_ADD_ITEM(3) Linux Audit API AUSEARCH_ADD_ITEM(3)NAME
ausearch_add_item - build up search rule
SYNOPSIS
#include <auparse.h>
int ausearch_add_item(auparse_state_t *au, const char *field, const char *op, const char *value, ausearch_rule_t how);
DESCRIPTION
ausearch_add_item adds one search condition to the current audit search expression. The search conditions can then be used to scan logs,
files, or buffers for something of interest. The field value is the field name that the value will be checked for. The op variable
describes what kind of check is to be done. Legal op values are:
exists
just check that a field name exists
=
locate the field name and check that the value associated with it is equal to the value given in this rule.
!=
locate the field name and check that the value associated with it is NOT equal to the value given in this rule.
The value parameter is compared to the uninterpreted field value. If you are trying to match against a field who's type is
AUPARSE_TYPE_ESCAPED, you will want to use the ausearch_add_interpreted_item() function instead.
The how value determines how this search condition will affect the existing search expression if one is already defined. The possible val-
ues are:
AUSEARCH_RULE_CLEAR
Clear the current search expression, if any, and use only this search condition.
AUSEARCH_RULE_OR
If a search expression E is already configured, replace it by (E || this_search_condition).
AUSEARCH_RULE_AND
If a search expression E is already configured, replace it by (E && this_search_condition).
RETURN VALUE
Returns -1 if an error occurs; otherwise, 0 for success.
SEE ALSO ausearch_add_expression(3), ausearch_add_interpreted_item(3), ausearch_add_timestamp_item(3), ausearch_add_regex(3), ausearch_set_stop(3),
ausearch_clear(3), ausearch_next_event(3), ausearch-expression(5).
AUTHOR
Steve Grubb
Red Hat Feb 2012 AUSEARCH_ADD_ITEM(3)
Hi all,
I want to create a new user and grant him ONLY transfer files access to a specific directory where he can only upload and read the files. He should be restricted to this activity only.
Regards (6 Replies)
Hi everyone,
I know the following questions are noobish questions but I am asking them because I am confused about the basics of history behind UNIX and LINUX.
Ok onto business, my questions are-:
Was/Is UNIX ever an open source operating system ?
If UNIX was... (21 Replies)
Hi,
Last 2 weeks I have searched many forums and i haven't found the answer for the question:
How to get all command output to Putty title?
Needed it for other programs to know when some jobs on a server is done and is it done right or wrong. Plink stdout and stdin wasn't working, i used many... (1 Reply)
anyone have any idea how do to this with auth_attr?
I suspect if I grant him
solaris.device.:RO::Device Allocation::help=DevAllocHeader.html
that will work but I'm unsure. Just looking for a second opinion. (10 Replies)
I am looking for a stable, reliable system to replace my current Windows systems in the home. These are simple systems that I purchased from the local Big Box store.
I have heard many good things about Unix and it's various children and it sounds like a good option to me. I have worked... (2 Replies)
We have a lot of scripts using cut as :
cut -c 0-8 --works for cut (GNU coreutils) 5.97, but does not work for cut (GNU coreutils) 8.4.
Gives error -
cut: fields and positions are numbered from 1
Try `cut --help' for more information.
The position needs to start with 1 for later... (6 Replies)
I've got a problem with a proxy configuration. We have an LDAP group that lists all users who are authorised to use the proxy to FTP (usually Filezilla) out to the world, and by implication those not in the group should be denied. My users are delighted that this has been enabled and those that... (9 Replies)
hi folks,
how to using tar with exclude directory and compress it using tar.Z
i only know how to exclude dir only with this command below:
tar -cvf /varios/restore/test.tar -X excludefile.txt /jfma/test1/
how to compress it using 1 command?
Thanx
Please use CODE tags as... (6 Replies)
Hello All,
I had recently learnt a bit of Docker(which provides containerization process).
Here are some of my learning points from it.
Let us start first with very basic question:
What is Docker:
Docker is a platform for sysadmins and developers to DEPLOY, DEVELOP and RUN applications ... (7 Replies)
What is the point of this? Whenever I close my shell it appends to the history file without adding this. I have never seen it overwrite my history file.
# When the shell exits, append to the history file instead of overwriting it
shopt -s histappend (3 Replies)
Hello for all,
I am testing the behavior of a 32 bit application running on Solaris 5.10 (SPARC), and realize it reaches 4GB of memory and then crashes.
It doesn't matter the amount of used memory as application is intended to perform many transactions; rather, what I want to achieve is to... (2 Replies)