1AUDIT_SET_ENABLED(3)            Linux Audit API           AUDIT_SET_ENABLED(3)
2
3
4

NAME

6       audit_set_enabled - Enable or disable auditing
7

SYNOPSIS

9       #include <libaudit.h>
10
11       int audit_set_enabled (int fd, int enabled);
12
13

DESCRIPTION

15       audit_set_enabled is used to control whether or not the audit system is
16       active. When the audit system is enabled  (enabled  set  to  1),  every
17       syscall  will  pass through the audit system to collect information and
18       potentially trigger an event.
19
20       If the audit system is disabled (enabled set to  0),  syscalls  do  not
21       enter  the  audit  system  and  no data is collected. There may be some
22       events generated by MAC subsystems like SE Linux even though the  audit
23       system  is  disabled.  It is possible to suppress those events, too, by
24       adding an audit rule with flags set to AUDIT_FILTER_EXCLUDE
25
26

RETURN VALUE

28       The return value is <= 0 on error, otherwise it is the netlink sequence
29       id  number.  This  function  can  have  any  error  that  sendto  would
30       encounter.
31
32

SEE ALSO

34       audit_add_rule_data(3), auditd(8).
35
36

AUTHOR

38       Steve Grubb
39
40
41
42Red Hat                            Oct 2006               AUDIT_SET_ENABLED(3)
Impressum