Never mind... I found out why it was not working... 1. auparse_next_event() does not call callback function. I have to call that function when auparse_next_event() returns. 2. it expects events in string format. I configured the plugin to send events in binary format. hence auparse_next_event() was not returning.. 3. auparse_next_event() returns only when the parser sees the beginning of the next event.. i.e first event is returned after seeing the beginning of the 2nd event. Is this expected?
--Satish On Wed, Jul 29, 2015 at 4:36 PM, Satish Chandra Kilaru <[email protected] > wrote: > Has anyone tried AUSOURCE_DESCRIPTOR with a unix socket as fd? > > I am doing the following. > > int sd_u = socket(AF_UNIX, SOCK_STREAM, 0); > connect(sd_u, (struct sockaddr *) &sa, sizeof(sa))!=0) > auparse_state_t *au = auparse_init(AUSOURCE_DESCRIPTOR, (const void > *)sd_u); > auparse_add_callback(au, auparse_callback, event_cnt, free); > ausearch_next_event(au); > > My auparse_callback() is not getting called. My program just blocks in > ausearch_next_event(). > > read(sd_u, buf, sizeof(buf)) gets me events... That means I am using > correct unix socket. > How do I make the callback function to get called for each event? > > Am I missing something here? > > Thanks in advance. > --Satish > -- > Please Donate to www.wikipedia.org > -- Please Donate to www.wikipedia.org
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
