author | 2015-11-29 08:22:13 -0800 | |
---|---|---|
committer | 2015-11-29 08:22:13 -0800 | |
commit | df5afa4fcd9725380f94ca6476248d4cc24f889a (patch) | |
tree | 65456f62397305febf7f40778c5a413a35d094ef /framework/src/audit/docs/ausearch_add_expression.3 | |
parent | 76f6bf922552c00546e6e85ca471eab28f56986c (diff) |
v2.4.4 audit sources
Change-Id: I9315a7408817db51edf084fb4d27fbb492785084
Signed-off-by: Ashlee Young <ashlee@wildernessvoice.com>
Diffstat (limited to 'framework/src/audit/docs/ausearch_add_expression.3')
-rw-r--r-- | framework/src/audit/docs/ausearch_add_expression.3 | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/framework/src/audit/docs/ausearch_add_expression.3 b/framework/src/audit/docs/ausearch_add_expression.3 new file mode 100644 index 00000000..c3c17c9d --- /dev/null +++ b/framework/src/audit/docs/ausearch_add_expression.3 
@@ -0,0 +1,71 @@ +.TH "AUSEARCH_ADD_expression" "3" "Feb 2008" "Red Hat" "Linux Audit API" +.SH NAME +ausearch_add_expression \- build up search expression +.SH "SYNOPSIS" +.B #include <auparse.h> + +\fBint ausearch_add_expression(auparse_state_t *\fIau\fB, +const char *\fIexpression\fB, char **\fIerror\fB, ausearch_rule_t \fIhow\fB);\fR + +.SH "DESCRIPTION" + +.B ausearch_add_item +adds an expression to the current audit search expression. +The search conditions can then be used to scan logs, files, or buffers +for something of interest. +The +.I expression +parameter contains an expression, as specified in +.BR ausearch\-expression (5). + +The +.I how +parameter determines +how this search expression will affect the existing search expression, +if one is already defined. +The possible values are: +.RS +.TP +.I AUSEARCH_RULE_CLEAR +Clear the current search expression, if any, +and use only this search expression. +.TP +.I AUSEARCH_RULE_OR +If a search expression +.I E +is already configured, +replace it by \fB(\fIE\fB || \fIthis_search_expression\fB)\fR. +.TP +.I AUSEARCH_RULE_AND +If a search expression +.I E +is already configured, +replace it by \fB(\fIE\fB && \fIthis_search_expression\fB)\fR. +.RE + +.SH "RETURN VALUE" + +If successful, +.B ausearch_add_expression +returns 0. +Otherwise, it returns \-1, sets +.B errno +and it may set \fB*\fIerror\fR to an error message; +the caller must free the error message using +.BR free (3). +If an error message is not available or can not be allocated, \fB*\fIerror\fR +is set to \fBNULL\fR. + +.SH "SEE ALSO" + +.BR ausearch_add_item (3), +.BR ausearch_add_interpreted_item (3), +.BR ausearch_add_timestamp_item (3), +.BR ausearch_add_regex (3), +.BR ausearch_set_stop (3), +.BR ausearch_clear (3), +.BR ausearch_next_event (3), +.BR ausearch\-expression (5). + +.SH AUTHOR +Miloslav Trmac |
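Review bot: The first sentence of DESCRIPTION names the wrong function: it opens with ".B ausearch_add_item", while NAME, SYNOPSIS and RETURN VALUE all document ausearch_add_expression. This looks like a copy-paste leftover and should read ".B ausearch_add_expression". The .TH title is also mixed case ("AUSEARCH_ADD_expression") and should be "AUSEARCH_ADD_EXPRESSION" for consistency with the usual man page title style. In RETURN VALUE, the text describes *error only for the failure path; since callers are told to release it with free(3), it would help to state whether *error is written on success, so that a caller who frees it unconditionally knows whether to initialize the pointer to NULL before the call.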