AUDIT_SET_FAILURE
Section: Linux Audit API (3)
Updated: June 2015
Page Index
NAME
audit_set_failure - Set audit failure flag
SYNOPSIS
#include <libaudit.h>
int audit_set_failure(int fd, int failure);
DESCRIPTION
audit_set_failure sets the action that the kernel will perform when the backlog limit is reached or when it encounters an error and cannot proceed. Possible values are:
- 0 - AUDIT_FAIL_SILENT
-
Do nothing, report nothing, skip logging the record and continue.
- 1 - AUDIT_FAIL_PRINTK [default]
-
Log the audit record using printk which will cause subsequent events to get written to syslog.
- 2 - AUDIT_FAIL_PANIC
-
Call the panic function. This would be used to prevent use of the machine upon loss of audit events.
RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.
SEE ALSO
audit_set_backlog(3),
audit_open(3),
auditd(8),
auditctl(8).
AUTHOR
Steve Grubb