AUPARSE_GET_TIMESTAMP(3) Linux Audit API AUPARSE_GET_TIMESTAMP(3)

auparse_get_timestamp - access timestamp of the event

#include <auparse.h>

const au_event_t *auparse_get_timestamp(const auparse_state_t *au);

auparse_get_timestamp provides an accessor function for the event's timestamp data structure. The data structure is as follows:

typedef struct
{
        time_t sec;             // Event seconds
        unsigned int milli;     // millisecond of the timestamp
        unsigned long serial;   // Serial number of the event
        const char *host;       // Machine's node name
} au_event_t;

Returns NULL if an error occurs; otherwise, a valid pointer to the data.

auparse_get_time(3), auparse_get_milli(3), auparse_get_serial(3), auparse_get_node(3), auparse_timestamp_compare(3).

Steve Grubb

Sept 2007 Red Hat