Hi all,

I am looking to do some real time parsing with audit. After some testing I 
figured it would be easier to do the parsing in a plugin on the local machine and
then send the parsed data to a remote machine for storage.

After reading the audit-parse.txt document I am not quite sure how to proceed. 
Given that the plugin will receive data on stdin, how would I go about setting 
the auparse library up (for example, what ausource_t should I specify to 
initialise the auparse_state_t object) to enable real time parsing?


Many thanks,

Wouter                                    

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
