LinuxGuruz
  • Last 5 Forum Topics
    Replies
    Views
    Last post


The Web Only This Site
  • BOOKMARK

  • ADD TO FAVORITES

  • REFERENCES


  • MARC

    Mailing list ARChives
    - Search by -
     Subjects
     Authors
     Bodies





    FOLDOC

    Computing Dictionary




  • Text Link Ads






  • LINUX man pages
  • Linux Man Page Viewer


    The following form allows you to view linux man pages.

    Command:

    ausearch_add_interpreted_item

    
    
    

    SYNOPSIS

           #include <auparse.h>
    
           int   ausearch_add_interpreted_item(auparse_state_t   *au,  const  char
           *field, const char *op, const char *value, ausearch_rule_t how);
    
    
    

    DESCRIPTION

           ausearch_add_interpreted_item adds one search condition to the  current
           audit search expression. The search conditions can then be used to scan
           logs, files, or buffers for something of interest. The field  value  is
           the  field  name  that  the  value will be checked for. The op variable
           describes what kind of check is to be done. Legal op values are:
    
                  exists  just check that a field name exists
    
                  =       locate the field name and check that the  value  associ-
                         ated with it is equal to the value given in this rule.
    
                  !=       locate  the field name and check that the value associ-
                         ated with it is NOT equal to  the  value  given  in  this
                         rule.
    
           The  value  parameter  is  compared to the interpreted field value (the
           value that would be returned by auparse_interpret_field(3)).
    
           The how value determines how this  search  condition  will  affect  the
           existing search expression if one is already defined. The possible val-
           ues are:
    
                  AUSEARCH_RULE_CLEAR
                         Clear the current search expression, if any, and use only
                         this search condition.
    
                  AUSEARCH_RULE_OR
                         If  a  search expression E is already configured, replace
                         it by (E || this_search_condition).
    
                  AUSEARCH_RULE_AND
                         If a search expression E is already  configured,  replace
                         it by (E && this_search_condition).
    
    
    

    RETURN VALUE

           Returns -1 if an error occurs; otherwise, 0 for success.
    
    
    

    SEE ALSO

           ausearch_add_expression(3),  ausearch_add_item(3),  ausearch_add_times-
           tamp_item(3),   ausearch_add_regex(3),   ausearch_set_stop(3),    ause-
           arch_clear(3), ausearch_next_event(3), ausearch-expression(5).
    
  • MORE RESOURCE


  • Linux

    The Distributions





    Linux

    The Software





    Linux

    The News



  • MARKETING






  • Toll Free

webmaster@linuxguruz.com
Copyright © 1999 - 2016 by LinuxGuruz