Function linux_audit_parser::parse
pub fn parse(raw: &[u8], skip_enriched: bool) -> Result<Message, ParseError>
Parse a single log line as produced by auditd(8).

If skip_enriched is set and auditd has been configured to produce log_format=ENRICHED logs, i.e. to resolve the uid, gid, syscall, arch and sockaddr fields, those resolved values are dropped by the parser.
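As an added illustration of the skip_enriched contract (this is not the linux_audit_parser crate's own implementation, and its Message and ParseError types are not reproduced here), a self-contained parser for one auditd line: with log_format=ENRICHED, auditd appends the resolved values after an ASCII 0x1d group separator, and the flag discards that tail. The sample event is constructed, not captured.

```rust
// Added illustration, not the linux_audit_parser crate's own code or types.
use std::collections::BTreeMap;

#[derive(Debug, PartialEq)]
pub struct Record {
    pub rec_type: String,                 // value of the leading type= field
    pub fields: BTreeMap<String, String>, // remaining key=value pairs
}

/// Split on whitespace, but keep double-quoted values (comm="a b") intact.
fn tokens(s: &str) -> Vec<&str> {
    let (mut out, mut start, mut in_q) = (Vec::new(), None, false);
    for (i, c) in s.char_indices() {
        if c == '"' { in_q = !in_q; }
        if c.is_whitespace() && !in_q {
            if let Some(st) = start.take() { out.push(&s[st..i]); }
        } else if start.is_none() {
            start = Some(i);
        }
    }
    if let Some(st) = start { out.push(&s[st..]); }
    out
}

/// Parse one line. In ENRICHED logs the resolved uppercase fields (UID="alice",
/// SYSCALL=open, ...) follow an ASCII 0x1d separator; `skip_enriched` drops them.
pub fn parse_line(raw: &[u8], skip_enriched: bool) -> Result<Record, String> {
    let line = std::str::from_utf8(raw).map_err(|e| format!("not utf-8: {}", e))?;
    let (base, enriched) = match line.split_once('\u{1d}') {
        Some((b, e)) if !skip_enriched => (b, e),
        Some((b, _)) => (b, ""),
        None => (line, ""),
    };
    let mut fields = BTreeMap::new();
    for tok in tokens(base).into_iter().chain(tokens(enriched)) {
        let (k, v) = tok.split_once('=').ok_or(format!("malformed field: {}", tok))?;
        fields.insert(k.to_string(), v.trim_matches('"').to_string());
    }
    let rec_type = fields.remove("type").ok_or("missing type= field")?;
    Ok(Record { rec_type, fields })
}

// Constructed sample in ENRICHED layout (not a real captured event).
pub const SAMPLE: &[u8] = b"type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e \
syscall=2 success=no exit=-13 uid=1000 comm=\"cat\" exe=\"/usr/bin/cat\"\
\x1dARCH=x86_64 SYSCALL=open UID=\"alice\"";

fn main() {
    println!("{:?}", parse_line(SAMPLE, true));
}
```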