pub fn parse<'a>(
    raw: &[u8],
    skip_enriched: bool,
) -> Result<Message<'a>, ParseError>
Parse a single log line as produced by auditd(8).

If skip_enriched is set and auditd has been configured to
produce log_format=ENRICHED logs, i.e. to resolve uid, gid,
syscall, arch, sockaddr fields, those resolved values are
dropped by the parser.

To maintain compatibility, parse does not attempt to process
single-quoted msg='…' strings into key/value maps.
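
The effect of skip_enriched and of the opaque msg='…' handling, as a simplified sketch added here for illustration (not this crate's parser): it assumes auditd's ENRICHED layout, in which the resolved fields follow a 0x1d separator byte, and runs on a constructed sample line. The names fields, parse_line, SEP and SAMPLE are hypothetical.

```rust
// Added illustration; not the crate's parser. SAMPLE is a constructed line.
const SEP: u8 = 0x1d; // assumption: ENRICHED logs put resolved fields after this byte
const SAMPLE: &[u8] = b"type=USER_LOGIN msg=audit(1700000000.123:42): pid=812 uid=0 auid=1000 msg='op=login acct=\"alice\" res=success'\x1dUID=\"root\" AUID=\"alice\"";

fn lossy(b: &[u8]) -> String {
    String::from_utf8_lossy(b).into_owned()
}

/// Split space-separated key=value pairs. A quoted value, including a
/// single-quoted msg='...', is kept as one opaque string.
fn fields(b: &[u8]) -> Vec<(String, String)> {
    let (mut out, mut i) = (Vec::new(), 0);
    while i < b.len() {
        while i < b.len() && b[i] == b' ' { i += 1; }
        let k = i;
        while i < b.len() && b[i] != b'=' && b[i] != b' ' { i += 1; }
        if i >= b.len() || b[i] != b'=' { continue; } // token without '='
        let key = lossy(&b[k..i]);
        i += 1;
        // A quoted value ends at the matching quote, a bare one at a space.
        let end = match b.get(i) {
            Some(&q) if q == b'\'' || q == b'"' => { i += 1; q }
            _ => b' ',
        };
        let v = i;
        while i < b.len() && b[i] != end { i += 1; }
        out.push((key, lossy(&b[v..i])));
        i += 1; // step over the closing quote or separating space
    }
    out
}

/// With skip_enriched set, everything after the separator is discarded.
fn parse_line(raw: &[u8], skip_enriched: bool) -> Vec<(String, String)> {
    let cut = raw.iter().position(|&c| c == SEP).unwrap_or(raw.len());
    let mut kv = fields(&raw[..cut]);
    if !skip_enriched && cut < raw.len() {
        kv.extend(fields(&raw[cut + 1..]));
    }
    kv
}

fn main() {
    for skip in [false, true] {
        println!("skip_enriched={}: {:?}", skip, parse_line(SAMPLE, skip));
    }
}
```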