From mboxrd@z Thu Jan  1 00:00:00 1970
From: Miloslav Trmac <mitr@redhat.com>
Subject: Re: auparse question
Date: Tue, 30 Aug 2011 19:18:02 -0400 (EDT)
Message-ID: <441829808.1008931.1314746282860.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
References: <1314738737.2034.77.camel@lcb>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <1314738737.2034.77.camel@lcb>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: LC Bruzenak <lenny@magitekltd.com>
Cc: Linux Audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

----- Original Message -----
> I'm using auparse_get_field_type from the parse lib.
> The return value for error is "0" which is also that of the AUDIT_PID
> field.
> 
> Right? I am getting some errors that thought they were PIDs.
The return value of auparse_get_field_type() is a value from auparse_type_t defined in auparse-defs.h.  0 is AUPARSE_TYPE_UNCLASSIFIED (i.e. "there is no current field, or we don't know what kind of data is in the field").  AUPARSE_TYPE_* and the AUDIT_* field enums both deal with fields, but are distinct.  It is somewhat confusing I'm afraid.
   Mirek