AUPARSE_INTERPRET_FIELD(3) Linux Audit API AUPARSE_INTERPRET_FIELD(3)
NAME
auparse_interpret_field - get current field's value interpreted

SYNOPSIS
#include <auparse.h>

const char *auparse_interpret_field(auparse_state_t *au);

DESCRIPTION
auparse_interpret_field allows access to the interpreted value in the current field of the current record in the current event. The returned string is escaped using the chosen method. The returned value will be destroyed if you call this function again. If you need to interpret another field and keep this value, you will have to copy it for later use.

Examples of things that could be interpreted are: uid, gid, syscall numbers, exit codes, file paths, socket addresses, permissions, modes, and capabilities. There are likely to be more in the future. If a value cannot be interpreted, its original value is returned.

RETURN VALUE
Returns NULL if there is an error; otherwise, a pointer to the interpreted value.

SEE ALSO
auparse_get_field_int(3), auparse_get_field_str(3), auparse_set_escape_mode(3).

AUTHOR
Steve Grubb

COLOPHON
This page is part of the audit (Linux Audit) project. Information
about the project can be found at
⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug report
for this manual page, send it to linux-audit@redhat.com. This page
was obtained from the project's upstream Git repository
⟨https://github.com/linux-audit/audit-userspace.git⟩ on 2017-07-05.
If you discover any rendering problems in this HTML version of the
page, or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the information
in this COLOPHON (which is not part of the original manual page),
send a mail to man-pages@man7.org
Red Hat July 2016 AUPARSE_INTERPRET_FIELD(3)
Pages that refer to this page: auparse_get_field_name(3), auparse_get_field_str(3), auparse_set_escape_mode(3), ausearch_add_interpreted_item(3), ausearch-expression(5)