NAME¶
ausearch_add_regex - use regular expression search rule
SYNOPSIS¶
#include <auparse.h>
int ausearch_add_regex(auparse_state_t *au, const char *expr);
DESCRIPTION¶
ausearch_add_regex adds one search condition based on a regular expression to
the current audit search expression. The search conditions can then be used to
scan logs, files, or buffers for something of interest. The regular expression
follows the posix extended regular expression conventions, and is matched
against the full record (without interpreting field values).
If an existing search expression
E is already defined, this function
replaces it by
(E && this_regexp).
RETURN VALUE¶
Returns -1 if an error occurs; otherwise, 0 for success.
SEE ALSO¶
ausearch_add_expression(3),
ausearch_add_item(3),
ausearch_clear(3),
ausearch_next_event(3),
regcomp(3).
AUTHOR¶
Steve Grubb