1AUDIT_SET_ENABLED(3)            Linux Audit API           AUDIT_SET_ENABLED(3)
2
3
4

NAME

6       audit_set_enabled - Enable or disable auditing
7

SYNOPSIS

9       #include <libaudit.h>
10
11       int audit_set_enabled(int fd, uint32_t enabled);
12
13

DESCRIPTION

15       audit_set_enabled is used to control whether or not the audit system is
16       active. When the audit system is enabled  (enabled  set  to  1),  every
17       syscall  will  pass through the audit system to collect information and
18       potentially trigger an event.
19
20       If the audit system is disabled (enabled set to 0), syscalls do not en‐
21       ter the audit system and no data is collected. There may be some events
22       generated by MAC subsystems like SE Linux even though the audit  system
23       is disabled. It is possible to suppress those events, too, by adding an
24       audit rule with flags set to AUDIT_FILTER_EXCLUDE
25
26

RETURN VALUE

28       The return value is <= 0 on error, otherwise it is the netlink sequence
29       id  number.  This  function  can  have  any error that sendto would en‐
30       counter.
31
32

SEE ALSO

34       audit_add_rule_data(3), auditd(8).
35
36

AUTHOR

38       Steve Grubb
39
40
41
42Red Hat                            Oct 2006               AUDIT_SET_ENABLED(3)
Impressum