audit_add_rule

AUDIT_ADD_RULE(3)          Linux Programmer's Manual         AUDIT_ADD_RULE(3)



NAME
       audit_add_rule - Add new auditing rule

SYNOPSIS
       #include <libaudit.h>


       int audit_add_rule (int fd, struct audit_rule *rule, int flags,
                           int action);


DESCRIPTION
       audit_add_rule uses the function audit_send to add a new rule for
       auditing. audit_add_rule stores flags and action in the audit_rule
       structure and then makes a call to audit_send (fd, AUDIT_ADD, rule,
       sizeof(*rule)). Possible values for flags are:


       ·  AUDIT_PER_TASK

       ·  AUDIT_AT_ENTRY

       ·  AUDIT_AT_EXIT

       Possible values for action are:


       ·  AUDIT_NEVER

       ·  AUDIT_POSSIBLE

       ·  AUDIT_ALWAYS

RETURN VALUE
       The return value is equal to the return value from audit_send.


EXAMPLES
       /* Sample code */
       flags=AUDIT_PER_TASK;
       action=AUDIT_ALWAYS;
       audit_add_rule(fd, &rule, flags, action);




SEE ALSO
       audit_send(3), audit_delete_rule(3), auditctl(8).


AUTHOR
       Debora Velarde.



Linux 2.6                         2004-12-01                 AUDIT_ADD_RULE(3)