Thank you so much. I have done the painful work for the parser already :) But I was trying to handle the parser like a state machine where I did not know how events ended. With this in place it is complete! Thanks!

Basim

On Tue, Aug 17, 2010 at 6:18 AM, Steve Grubb <[email protected]> wrote:
> On Monday, August 16, 2010 09:13:54 pm Steve Grubb wrote:
> > > If I am taking my data stream through the af_unix socket built-in plugin
> > > then will I get the audit_eoe event?
> >
> > For an audispd plugin, you would need to set the format parameter to
> > binary.
>
> Actually, looking at the auparse library code, it looks like the EOE event
> comes through in the string format, too.
>
> -Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
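
The event grouping discussed in this thread, as an added example that is not part of the original messages or the audit project's code: a small Python reader that collects string-format records by their msg=audit(timestamp:serial) id and emits an event when its EOE record arrives. The sample lines are constructed, and flushing events that never receive an EOE at end of input is an assumption of this example.

```python
import re

# Every record of one event carries the same msg=audit(<time>:<serial>) id.
HDR = re.compile(r"type=(\S+)\s+msg=audit\((\d+\.\d+):(\d+)\):")

# Constructed sample input: two events whose records arrive interleaved.
SAMPLE = [
    'type=SYSCALL msg=audit(1282040000.101:501): arch=c000003e syscall=2 success=yes',
    'type=USER_LOGIN msg=audit(1282040001.200:502): pid=1 uid=0 res=success',
    'type=CWD msg=audit(1282040000.101:501): cwd="/root"',
    'type=PATH msg=audit(1282040000.101:501): item=0 name="/etc/passwd"',
    'not an audit record',
    'type=EOE msg=audit(1282040000.101:501): ',
]


def group_events(lines):
    """Yield ((timestamp, serial), [record types]) for each finished event."""
    pending = {}  # event id -> record types seen so far
    for line in lines:
        m = HDR.search(line)
        if not m:
            continue  # skip anything that is not an audit record
        rtype, ts, serial = m.groups()
        key = (ts, int(serial))
        if rtype == "EOE":
            # End-of-event marker: no more records will follow for this id.
            yield key, pending.pop(key, [])
        else:
            pending.setdefault(key, []).append(rtype)
    # Assumption of this example: events that never saw an EOE
    # (single-record events, or a truncated stream) are flushed at the end.
    for key, recs in pending.items():
        yield key, recs


if __name__ == "__main__":
    for event_id, records in group_events(SAMPLE):
        print(event_id, records)
```

A long-running reader would also need a timeout or size limit on the pending table so that events without an EOE do not accumulate.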
