AUSEARCH_ADD_REGEX(3) Linux Audit API AUSEARCH_ADD_REGEX(3)
NAME
ausearch_add_regex - use regular expression search rule
SYNOPSIS
#include <auparse.h>
int ausearch_add_regex(auparse_state_t *au, const char *expr);
DESCRIPTION
ausearch_add_regex adds one search condition based on regular expressions to the audit search API. The search conditions can then be used
to scan logs, files, or buffers for something of interest. You may not use this in combination with any other search expression. The regu-
lar expression follows the posix regular expression conventions. The search results are at the record level and not the field.
RETURN VALUE
Returns -1 if an error occurs; otherwise, 0 for success.
SEE ALSO
ausearch_add_expression(3), ausearch_add_item(3), ausearch_clear(3), ausearch_next_event(3), regcomp(3).
AUTHOR
Steve Grubb
Red Hat Sept 2007 AUSEARCH_ADD_REGEX(3)