matches_log_tcp
EXPECT_EQ(0, matches_log_tcp(self->audit_fd, "net\\.bind_tcp", "saddr",
EXPECT_EQ(0, matches_log_tcp(self->audit_fd, "net\\.connect_tcp",
