This function is used to encode a name/value pair. This should be
used on any field being logged that potentially contains a space,
a double-quote, or a control character. Any value containing
those have to be specially encoded for the auparse library to
correctly handle the value. The encoding method is designed to
prevent log injection attacks where malicious values could cause
To use this function, pass the name string and value strings on
their respective arguments. If the value is likely to have a NUL
value embedded within it, you will need to pass a value length
that tells in bytes how big the value is. Otherwise, you can pass
a 0 for vlen and the function will simply use strlen against the
value pointer. Also be aware that the name of the field will
cause auparse to do certain things when interpretting the value.
If the name is uid, a user id value in decimal is expected. Make
sure that well known names are used for their intended purpose or
that there is no chance of name collision with something new.
This page is part of the audit (Linux Audit) project.
Information about the project can be found at
⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug
report for this manual page, send it to firstname.lastname@example.org.
This page was obtained from the project's upstream Git repository
2021-04-01. (At that time, the date of the most recent commit
that was found in the repository was 2021-03-29.) If you
discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original
manual page), send a mail to email@example.com
Red Hat Oct 2010 AUDIT_ENCODE_NV_STRING(3)