NAME¶
ausearch_add_regex - use regular expression search rule
SYNOPSIS¶
#include <auparse.h>
int ausearch_add_regex(auparse_state_t *au, const char *expr);
DESCRIPTION¶
ausearch_add_regex adds one search condition based on regular expressions to the
audit search API. The search conditions can then be used to scan logs, files,
or buffers for something of interest. You may not use this in combination with
any other search expression. The regular expression follows the posix regular
expression conventions. The search results are at the record level and not the
field.
RETURN VALUE¶
Returns -1 if an error occurs; otherwise, 0 for success.
SEE ALSO¶
ausearch_add_expression(3),
ausearch_add_item(3),
ausearch_clear(3),
ausearch_next_event(3),
regcomp(3).
AUTHOR¶
Steve Grubb