[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Events per System Call



Thank you so much. I have done the painful work for the parser already :) But i was trying to handle the parser like a state machine where i did not know how events ended. With this in place it is complete!
Thanks!
Basim

On Tue, Aug 17, 2010 at 6:18 AM, Steve Grubb <sgrubb redhat com> wrote:
On Monday, August 16, 2010 09:13:54 pm Steve Grubb wrote:
> > If i am taking my data stream through the af_unix socket built-in plugin
> > then will i get the audit_eoe event?
>
> For an audispd plugin, you would need to set the format parameter to
> binary.

Actually, looking at the auparse library code, it looks like the EOE event
comes through in the string format, too.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]