NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | SEE ALSO | AUTHOR | COLOPHON

AUPARSE_INTERPRET_FIELD(3)     Linux Audit API    AUPARSE_INTERPRET_FIELD(3)

NAME         top

       auparse_interpret_field, auparse_interpret_realpath - get current field's interpreted value

SYNOPSIS         top

       #include <auparse.h>

       const char *auparse_interpret_field(auparse_state_t *au);
       const char *auparse_interpret_realpath(auparse_state_t *au);

DESCRIPTION         top

       auparse_interpret_field allows access to the interpreted value in the
       current field of the current record in the current event. The
       returned string is escaped using the chosen method. The returned
       value will be destroyed if you call this function again. If you need
       to interpret another field and keep this value, you will have to copy
       it for later use.

       Examples of things that could be interpreted are: uid, gid, syscall
       numbers, exit codes, file paths, socket addresses, permissions,
       modes, and capabilities. There are likely to be more in the future.
       If a value cannot be interpreted, its original value is returned.

       auparse_interpret_realpath is like auparse_interpret_field except
       that it will call realpath on the results of gluing the cwd and file
       together. This also implies that it only valid to be called for the
       file name given in a PATH record.

RETURN VALUE         top

       Returns NULL if there is an error otherwise a pointer to the
       interpreted value.

SEE ALSO         top

       auparse_get_field_int(3),auparse_get_field_str(3),auparse_set_escape_mode(3).

AUTHOR         top

       Steve Grubb

COLOPHON         top

       This page is part of the audit (Linux Audit) project.  Information
       about the project can be found at 
       ⟨http://people.redhat.com/sgrubb/audit/⟩.  If you have a bug report
       for this manual page, send it to linux-audit@redhat.com.  This page
       was obtained from the project's upstream Git repository 
       ⟨https://github.com/linux-audit/audit-userspace.git⟩ on 2017-09-15.
       If you discover any rendering problems in this HTML version of the
       page, or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the information
       in this COLOPHON (which is not part of the original manual page),
       send a mail to man-pages@man7.org

Red Hat                          August 2017      AUPARSE_INTERPRET_FIELD(3)

Pages that refer to this page: auparse_get_field_name(3)auparse_get_field_str(3)auparse_set_escape_mode(3)ausearch_add_interpreted_item(3)ausearch-expression(5)