Audit Parsing Library Requirements

Michael C Thompson mcthomps at us.ibm.com
Mon Mar 13 17:45:30 UTC 2006


linux-audit-bounces at redhat.com wrote on 03/13/2006 09:50:46 AM:

> On Friday 10 March 2006 17:45, Debora Velarde wrote:
> > 1. In this case would auparse_get_host(auparse_state_t *au) retrieve the
> > hostname of this record?
> 
> Since this is introducing the notion of multiple machines potentially sharing
> the same log...would it be more clear to change the name to prevent
> confusion?
> 
> It's currently host, but we could make it: server, node, machine, etc.

OK, I have a question because I think there are two issues here:
1) Steve has a function, called auparse_get_host, which is paralleled
by other things like get_serial, which implies that every event has an
associated host
2) This particular event has a host field, I do not think that
auparse_get_host() and auparse_get_field(au,"host") are the same

Do I understand this issue correctly? And if this is the case, is your
reply to Debbie's first question still true?

> 
> -Steve