[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Audit Parsing Library Requirements



On Fri, Mar 10, 2006 at 12:05:27PM -0500, Steve Grubb wrote:
> This would allow the following kind of programming:
> 
>         if (!auparse_init(AUSOURCE_LOGS, NULL))
>         if (!ausearch_set_param("auid", "=", "500", AUSEARCH_STOP_RECORD))
>         while (ausearch_next_event()) {
>                 if (auparse_find_field("auid"))

With this kind of interface, the library will need to keep state
internally, which seems to make it impossible to have multiple scanners
active from the same application. An example for that would be a GUI
application for examining audit logs which may very well want to have
multiple search windows open at once.

How about an extra parameter to make the state management explicit,
similar to the stdio.h opaque FILE* type, to allow fully reentrant
operation?

Something like this:

	auparse_state_t *au;
        if (! (au = auparse_init(AUSOURCE_LOGS, NULL)))
        if (!ausearch_set_param(au, "auid", "=", "500", AUSEARCH_STOP_RECORD))
        while (ausearch_next_event(au, )) {
                 if (auparse_find_field(au, "auid"))

-Klaus


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]