From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: difficulty with TYPE Date: Tue, 15 Jan 2008 09:29:17 -0500 Message-ID: <200801150929.17738.sgrubb@redhat.com> References: <18436f8f0801142314g46f77485x311cfb2826f2dff4@mail.gmail.com> <1200404039.30787.4.camel@code.and.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: <1200404039.30787.4.camel@code.and.org> Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com Cc: James Antill , Abhishek Gupta List-Id: linux-audit@redhat.com On Tuesday 15 January 2008 08:33:59 James Antill wrote: > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 /* Get header first. it is fixed size */ > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 vec[0].iov_base =3D (void*)&hdr; > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 vec[0].iov_len =3D sizeof(hdr); > > > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 // Next payload > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 vec[1].iov_base =3D data; > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 vec[1].iov_len =3D MAX_AUDIT_MESSAGE_LENG= TH; > > > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 rc =3D readv(pipe_fd, vec, 2); > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 if (rc =3D=3D 0 || rc =3D=3D -1) { > > =C2=A0The second iovec above can't just be MAX_AUDIT_MESSAGE_LENGTH, or= if > there are two messages you'll read some/all of the next one(s). I am fixing the example code to match the code in 1.6.5's audispd program= . The=20 example code was included 2 years ago before we had a working audispd pro= gram=20 so that people that were ambitious could write their own. At this point,=20 audispd is working and people can just code plugins which auparse does wo= rk=20 with when the string mode is selected for output format. See the audispd = man=20 page for more info. -Steve