This function is used to encode a name/value pair. This should be
used on any field being logged that potentially contains a space, a
double-quote, or a control character. Any value containing those have
to be specially encoded for the auparse library to correctly handle
the value. The encoding method is designed to prevent log injection
attacks where malicious values could cause parsing errors.
To use this function, pass the name string and value strings on their
respective arguments. If the value is likely to have a NUL value
embedded within it, you will need to pass a value length that tells
in bytes how big the value is. Otherwise, you can pass a 0 for vlen
and the function will simply use strlen against the value pointer.
Also be aware that the name of the field will cause auparse to do
certain things when interpretting the value. If the name is uid, a
user id value in decimal is expected. Make sure that well known names
are used for their intended purpose or that there is no chance of
name collision with something new.
This page is part of the audit (Linux Audit) project. Information
about the project can be found at
⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug report
for this manual page, send it to firstname.lastname@example.org. This page
was obtained from the project's upstream Git repository
⟨https://github.com/linux-audit/audit-userspace.git⟩ on 2020-06-09.
(At that time, the date of the most recent commit that was found in
the repository was 2020-05-25.) If you discover any rendering prob‐
lems in this HTML version of the page, or you believe there is a bet‐
ter or more up-to-date source for the page, or you have corrections
or improvements to the information in this COLOPHON (which is not
part of the original manual page), send a mail to email@example.com
Red Hat Oct 2010 AUDIT_ENCODE_NV_STRING(3)