AUPARSE_GET_TIMESTAMP(3) Linux Audit API AUPARSE_GET_TIMESTAMP(3)
NAME
auparse_get_timestamp - access timestamp of the event
SYNOPSIS
#include <auparse.h>
const au_event_t *auparse_get_timestamp(auparse_state_t *au);
DESCRIPTION
auparse_get_timestamp provides an accessor function for the event's timestamp data structure. The data structure is as follows:
typedef struct
{
        time_t sec;             // Event seconds
        unsigned int milli;     // millisecond of the timestamp
        unsigned long serial;   // Serial number of the event
        const char *host;       // Machine's node name
} au_event_t;
RETURN VALUE
Returns NULL if an error occurs; otherwise, a valid pointer to the data.
SEE ALSO
auparse_get_time(3), auparse_get_milli(3), auparse_get_serial(3), auparse_get_node(3), auparse_timestamp_compare(3).
AUTHOR
Steve Grubb
Red Hat Sept 2007 AUPARSE_GET_TIMESTAMP(3)
AUSEARCH_ADD_TIMESTAMP_ITEM(3) Linux Audit API AUSEARCH_ADD_TIMESTAMP_ITEM(3)
NAME
ausearch_add_timestamp_item - build up search rule
SYNOPSIS
#include <auparse.h>
int ausearch_add_timestamp_item(auparse_state_t *au, const char *op, time_t sec, unsigned milli, ausearch_rule_t how);
DESCRIPTION
ausearch_add_timestamp_item adds an event time condition to the current audit search expression. The search conditions can then be used to
scan logs, files, or buffers for something of interest. The op parameter specifies the desired comparison. Legal op values are <, <=, >=, >
and =. The left operand of the comparison operator is the timestamp of the examined event, the right operand is specified by the sec and
milli parameters.
The how value determines how this search condition will affect the existing search expression if one is already defined. The possible
values are:
AUSEARCH_RULE_CLEAR
        Clear the current search expression, if any, and use only this search condition.
AUSEARCH_RULE_OR
        If a search expression E is already configured, replace it by (E || this_search_condition).
AUSEARCH_RULE_AND
        If a search expression E is already configured, replace it by (E && this_search_condition).
RETURN VALUE
Returns -1 if an error occurs; otherwise, 0 for success.
APPLICATION USAGE
Use ausearch_add_item(3) and ausearch_add_interpreted_item(3) to add conditions that check audit record fields. Use
ausearch_add_expression(3) to add complex search expressions using a single function call.
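An added example, not part of the man page and not libauparse code: a standalone C model of the timestamp comparison described above, where the event timestamp is the left operand and (sec, milli) the right. It parses the msg=audit(SEC.MILLI:SERIAL) record header and counts constructed sample events inside an investigation time window; ev_ts, parse_ts, ts_match and count_window are hypothetical names, not library functions.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical stand-in for the au_event_t fields used here (host omitted). */
typedef struct { time_t sec; unsigned int milli; unsigned long serial; } ev_ts;

/* Parse "msg=audit(SEC.MILLI:SERIAL)" from a raw record; 0 on success, -1 on error. */
int parse_ts(const char *rec, ev_ts *out)
{
    const char *p = strstr(rec, "msg=audit(");
    long long sec;
    if (!p || sscanf(p, "msg=audit(%lld.%3u:%lu)", &sec, &out->milli, &out->serial) != 3)
        return -1;
    out->sec = (time_t)sec;
    return 0;
}

/* 1 if "event timestamp OP (sec, milli)" holds, 0 if not, -1 for an illegal op. */
int ts_match(const ev_ts *e, const char *op, time_t sec, unsigned milli)
{
    int c = (e->sec > sec) - (e->sec < sec);   /* seconds decide first */
    if (c == 0) c = (e->milli > milli) - (e->milli < milli);
    if (!strcmp(op, "<"))  return c < 0;
    if (!strcmp(op, "<=")) return c <= 0;
    if (!strcmp(op, ">=")) return c >= 0;
    if (!strcmp(op, ">"))  return c > 0;
    if (!strcmp(op, "="))  return c == 0;
    return -1;
}

/* Constructed sample records (not real log data). */
static const char *SAMPLE[] = {
    "type=USER_LOGIN msg=audit(1700000000.950:101): pid=812 res=failed",
    "type=USER_LOGIN msg=audit(1700000001.020:102): pid=812 res=failed",
    "type=USER_LOGIN msg=audit(1700000001.480:103): pid=812 res=success",
    "type=SYSCALL msg=audit(1700000002.000:104): syscall=59 success=yes",
};

/* Count events in [from, to): a ">=" rule added with CLEAR, then a "<" rule with AND. */
int count_window(time_t from_s, unsigned from_ms, time_t to_s, unsigned to_ms)
{
    ev_ts e; int n = 0;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++) {
        if (parse_ts(SAMPLE[i], &e)) continue;   /* no parsable header */
        n += ts_match(&e, ">=", from_s, from_ms) == 1 && ts_match(&e, "<", to_s, to_ms) == 1;
    }
    return n;
}
```

The half-open window keeps an event stamped exactly at the end bound out of the result, so adjacent windows never count the same event twice.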
SEE ALSO
ausearch_add_expression(3), ausearch_add_item(3), ausearch_add_interpreted_item(3), ausearch_add_regex(3), ausearch_set_stop(3),
ausearch_clear(3), ausearch_next_event(3), ausearch-expression(5).
AUTHOR
Miloslav Trmac
Red Hat Nov 2007 AUSEARCH_ADD_TIMESTAMP_ITEM(3)