get_matching_autag_info - get tag information for a binary audit record
cc [ flag...] file ... -laudit [library ...] #include <security/libaudit.h> nvlist_t *get_matching_autag_info(void *audit_record, char *tags_fname);
The get_matching_autag_info() function returns an nvlist containing information about names of audit tags which the specified binary audit record matches. All nvpairs in the returned nvlist will be of the same name ("tagname"), and the values are all string type containing the tagname matched.
audit_record points to the binary audit record.
tags_fname specifies the tags file name to be used. If NULL is specified, then the default audit tags are used.
Upon successful completion, an nvlist is allocated and the address is returned. Otherwise, NULL is returned if no tags are found or if an error occurs. If an error occurs, errno is set to indicate the error.
The caller must call the nvlist_free() function to deallocate any returned nvlist. For more information, see the nvlist_free(3NVPAIR) man page.
The get_matching_autag_info() function will fail if:
The specified tag file is not found or is not a regular file.
The specified tag file is not accessible.
An error occurred while parsing the audit record argument.
#include <security/libaudit.h> #include <errno.h> int error; nvlist_t *list; nvpair_t *pair = NULL; char *tagname; . . . errno = 0; if ((list = get_matching_autag_info(record, NULL)) == NULL) { if (errno != 0) { perror("get_matching_autag_info"); exit(1); } return (0); } while ((pair = nvlist_next_nvpair(list, pair)) != NULL) { error = nvpair_value_string(pair, &tagname); . . . } nvlist_free(list);
See attributes(7) for descriptions of the following attributes:
|
libnvpair(3LIB), audit_tags(5), audit.log(5), attributes(7)
The get_matching_autag_info() function was added in Oracle Solaris 11.4.0.