Has anyone tried AUSOURCE_DESCRIPTOR with a unix socket as fd? I am doing the following.
int sd_u = socket(AF_UNIX, SOCK_STREAM, 0); connect(sd_u, (struct sockaddr *) &sa, sizeof(sa))!=0) auparse_state_t *au = auparse_init(AUSOURCE_DESCRIPTOR, (const void *)sd_u); auparse_add_callback(au, auparse_callback, event_cnt, free); ausearch_next_event(au); My auparse_callback() is not getting called. My program just blocks in ausearch_next_event(). read(sd_u, buf, sizeof(buf)) gets me events... That means I am using correct unix socket. How do I make the callback function to get called for each event? Am I missing something here? Thanks in advance. --Satish -- Please Donate to www.wikipedia.org
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
