AUDIT_SET_ENABLED

Section: Linux Audit API (3)
Updated: Oct 2006
 

NAME

audit_set_enabled - Enable or disable auditing  

SYNOPSIS

#include <libaudit.h>

int audit_set_enabled (int fd, int enabled);

 

DESCRIPTION

audit_set_enabled is used to control whether or not the audit system is active. When the audit system is enabled (enabled set to 1), every syscall will pass through the audit system to collect information and potentially trigger an event.

If the audit system is disabled (enabled set to 0), syscalls do not enter the audit system and no data is collected. Some events may still be generated by MAC subsystems such as SELinux even though the audit system is disabled. Those events can be suppressed as well by adding an audit rule with flags set to AUDIT_FILTER_EXCLUDE.

 

RETURN VALUE

The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.
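
As an added illustration (not libaudit's source and not part of the original page), the C code below builds the AUDIT_SET netlink request that toggles the enabled flag and sends it with sendto, so the return convention above can be seen end to end. The names set_enabled_req, build_set_enabled and send_set_enabled are hypothetical, and returning -errno on failure is this example's own choice; it relies only on the kernel headers linux/audit.h and linux/netlink.h.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/audit.h>

/* Hypothetical container: netlink header followed by the audit status payload. */
struct set_enabled_req {
    struct nlmsghdr hdr;
    struct audit_status status;
};

/* Fill req so that only the "enabled" field is changed (the mask selects it). */
void build_set_enabled(struct set_enabled_req *req, int enabled, uint32_t seq)
{
    memset(req, 0, sizeof(*req));
    req->hdr.nlmsg_len = NLMSG_LENGTH(sizeof(req->status));
    req->hdr.nlmsg_type = AUDIT_SET;
    req->hdr.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    req->hdr.nlmsg_seq = seq;
    req->status.mask = AUDIT_STATUS_ENABLED;
    req->status.enabled = (uint32_t)enabled;
}

/* Send the request to the kernel (netlink pid 0).
 * Returns seq (> 0) on success, or -errno (< 0) if sendto fails. */
int send_set_enabled(int fd, int enabled, uint32_t seq)
{
    struct set_enabled_req req;
    struct sockaddr_nl kernel;

    build_set_enabled(&req, enabled, seq);
    memset(&kernel, 0, sizeof(kernel));
    kernel.nl_family = AF_NETLINK;
    if (sendto(fd, &req, req.hdr.nlmsg_len, 0,
               (struct sockaddr *)&kernel, sizeof(kernel)) < 0)
        return -errno;
    return (int)seq;
}

int main(void)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    int rc = send_set_enabled(fd, 1, 1);  /* enable auditing, sequence id 1 */
    printf("send_set_enabled returned %d\n", rc);
    return rc > 0 ? 0 : 1;
}
```

A positive return only means the request was handed to the kernel; the kernel's verdict arrives separately in the netlink ACK carrying the same sequence id.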

 

SEE ALSO

audit_add_rule_data(3), auditd(8).

 

AUTHOR

Steve Grubb


 
