AUDIT_SET_FAILURE

Section: Linux Audit API (3)
Updated: June 2015
Page Index
 

NAME

audit_set_failure - Set audit failure flag  

SYNOPSIS

#include <libaudit.h>

int audit_set_failure(int fd, int failure);

 

DESCRIPTION

audit_set_failure sets the action that the kernel will perform when the backlog limit is reached or when it encounters an error and cannot proceed. Possible values are:

0 - AUDIT_FAIL_SILENT
Do nothing, report nothing, skip logging the record and continue.

1 - AUDIT_FAIL_PRINTK [default]
Log the audit record using printk which will cause subsequent events to get written to syslog.

2 - AUDIT_FAIL_PANIC
Call the panic function. This would be used to prevent use of the machine upon loss of audit events.

 

RETURN VALUE

The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.

 

SEE ALSO

audit_set_backlog(3), audit_open(3), auditd(8), auditctl(8).

 

AUTHOR

Steve Grubb


 

Index

NAME
SYNOPSIS
DESCRIPTION
RETURN VALUE
SEE ALSO
AUTHOR