AUSEARCH_ADD_expression(3) Linux Audit API AUSEARCH_ADD_expression(3)
NAME
ausearch_add_expression - build up search expression
SYNOPSIS
#include <auparse.h>
int ausearch_add_expression(auparse_state_t *au, const char *expression, char **error, ausearch_rule_t how);
DESCRIPTION
ausearch_add_expression adds an expression to the current audit search expression. The search conditions can then be used to scan logs, files,
or buffers for something of interest. The expression parameter contains an expression, as specified in ausearch-expression(5).
The how parameter determines how this search expression will affect the existing search expression, if one is already defined. The possible
values are:
AUSEARCH_RULE_CLEAR
Clear the current search expression, if any, and use only this search expression.
AUSEARCH_RULE_OR
If a search expression E is already configured, replace it by (E || this_search_expression).
AUSEARCH_RULE_AND
If a search expression E is already configured, replace it by (E && this_search_expression).
RETURN VALUE
If successful, ausearch_add_expression returns 0. Otherwise, it returns -1, sets errno and it may set *error to an error message; the
caller must free the error message using free(3). If an error message is not available or can not be allocated, *error is set to NULL.
SEE ALSO
ausearch_add_item(3), ausearch_add_interpreted_item(3), ausearch_add_timestamp_item(3), ausearch_add_regex(3), ausearch_set_stop(3),
ausearch_clear(3), ausearch_next_event(3), ausearch-expression(5).
AUTHOR
Miloslav Trmac
Red Hat Feb 2008 AUSEARCH_ADD_expression(3)
AUSEARCH_ADD_TIMESTAMP_ITEM(3) Linux Audit API AUSEARCH_ADD_TIMESTAMP_ITEM(3)
NAME
ausearch_add_timestamp_item - build up search rule
SYNOPSIS
#include <auparse.h>
int ausearch_add_timestamp_item(auparse_state_t *au, const char *op, time_t sec, unsigned milli, ausearch_rule_t how);
DESCRIPTION
ausearch_add_timestamp_item adds an event time condition to the current audit search expression. The search conditions can then be used to
scan logs, files, or buffers for something of interest. The op parameter specifies the desired comparison. Legal op values are <, <=, >=, >
and =. The left operand of the comparison operator is the timestamp of the examined event, the right operand is specified by the sec and
milli parameters.
The how value determines how this search condition will affect the existing search expression if one is already defined. The possible
values are:
AUSEARCH_RULE_CLEAR
Clear the current search expression, if any, and use only this search condition.
AUSEARCH_RULE_OR
If a search expression E is already configured, replace it by (E || this_search_condition).
AUSEARCH_RULE_AND
If a search expression E is already configured, replace it by (E && this_search_condition).
RETURN VALUE
Returns -1 if an error occurs; otherwise, 0 for success.
APPLICATION USAGE
Use ausearch_add_item(3) and ausearch_add_interpreted_item(3) to add conditions that check audit record fields. Use
ausearch_add_expression(3) to add complex search expressions using a single function call.
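The operand order of op and the way successive how values nest conditions (described on both pages above) can be checked without a log file. The following is an added example, not code from this man page or from the audit project: a stand-alone C model of those semantics that does not call libauparse. The names cond_match, add_ts and matches and the RULE_* enum are hypothetical, and the audit record is a constructed sample.

```c
/* Stand-alone model of the semantics above, not libauparse code; names are hypothetical. */
#include <stdio.h>
#include <string.h>

enum how { RULE_CLEAR, RULE_OR, RULE_AND };   /* stands in for ausearch_rule_t */
struct cond { const char *op; long long sec; unsigned milli; enum how how; };
struct search { struct cond c[8]; int n; };   /* E, as the list of added conditions */

/* Event time is the LEFT operand, c->sec/c->milli the right; -1 = illegal op. */
static int cond_match(const struct cond *c, long long sec, unsigned milli) {
    int cmp = sec != c->sec ? (sec < c->sec ? -1 : 1)
                            : (milli > c->milli) - (milli < c->milli);
    if (!strcmp(c->op, "<"))  return cmp < 0;
    if (!strcmp(c->op, "<=")) return cmp <= 0;
    if (!strcmp(c->op, ">=")) return cmp >= 0;
    if (!strcmp(c->op, ">"))  return cmp > 0;
    return strcmp(c->op, "=") ? -1 : cmp == 0;
}

/* Returns 0 on success, -1 on an illegal op or a full table. */
static int add_ts(struct search *s, const char *op, long long sec,
                  unsigned milli, enum how how) {
    struct cond c = { op, sec, milli, how };
    if (!op || cond_match(&c, 0, 0) < 0 || (how != RULE_CLEAR && s->n == 8)) return -1;
    if (how == RULE_CLEAR) s->n = 0;          /* drop E, keep only this condition */
    s->c[s->n++] = c;
    return 0;
}

/* Each add wraps the whole existing E, so evaluation is a left fold. */
static int matches(const struct search *s, const char *rec) {
    const char *p = strstr(rec, "msg=audit(");    /* header: msg=audit(SEC.MILLI:SERIAL) */
    long long sec; unsigned milli;
    if (!s->n || !p || sscanf(p, "msg=audit(%lld.%u:", &sec, &milli) != 2) return 0;
    int r = cond_match(&s->c[0], sec, milli);
    for (int i = 1; i < s->n; i++) {
        int m = cond_match(&s->c[i], sec, milli);
        r = s->c[i].how == RULE_AND ? (r && m) : (r || m);
    }
    return r;
}

int main(void) {
    const char *rec = "type=SYSCALL msg=audit(1700000000.250:42): syscall=59"; /* constructed */
    struct search s = { .n = 0 };
    add_ts(&s, ">=", 1700000000LL, 0, RULE_CLEAR);   /* E = (t >= T)             */
    add_ts(&s, "<", 1700000000LL, 500, RULE_AND);    /* E = (E && t < T + 0.5 s) */
    printf("record in window: %d\n", matches(&s, rec));
}
```

Because each call wraps the whole existing expression, adding A, then B with the OR rule, then C with the AND rule yields ((A || B) && C), not A || (B && C).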
SEE ALSO
ausearch_add_expression(3), ausearch_add_item(3), ausearch_add_interpreted_item(3), ausearch_add_regex(3), ausearch_set_stop(3),
ausearch_clear(3), ausearch_next_event(3), ausearch-expression(5).
AUTHOR
Miloslav Trmac
Red Hat Nov 2007 AUSEARCH_ADD_TIMESTAMP_ITEM(3)