Please update text in the wiki surrounding the skeleton.c example audispd listener here, to mention it only works correctly plugin conf format set to "binary". The default value is "string".
A note on how data is passed to listeners when format is "string" would also be helpful here. Specifically:
- assert no header is sent
- records are newline terminated, so i.e. it's essentially equivalent to tailing the audit.log.
- clarify guarantees or lack there of about how multi record (line) events are delivered - are they guaranteed to be contiguous? Are they always available all at once without blocking?
Please update text in the wiki surrounding the skeleton.c example audispd listener here, to mention it only works correctly plugin conf
formatset to "binary". The default value is "string".A note on how data is passed to listeners when format is "string" would also be helpful here. Specifically: