table of contents
AUPARSE_NORMALIZE(3) | Linux Audit API | AUPARSE_NORMALIZE(3) |
NAME¶
auparse_normalize - normalize the current event
SYNOPSIS¶
#include <auparse.h>
int auparse_normalize(auparse_state_t *au, normalize_option_t opt);
DESCRIPTION¶
auparse_normalize analyzes the current event so that the important information about the event can be accessed through a normalized API which positions to internal field cursor to the exact record and field when asked about specific information.
The auparse_normalize function takes an opt argument to tell it how much information to gather. Legal values are:
NORM_OPT_ALL - gather maximum information NORM_OPT_NO_ATTRS - do not gather subject/object attribute information
RETURN VALUE¶
Returns 0 on success and 1 on error.
SEE ALSO¶
auparse_normalize_subject_primary(3), auparse_normalize_object_primary(3).
AUTHOR¶
Steve Grubb
Feb 2017 | Red Hat |