audit_request_status − Request status of the audit system


int audit_request_status (int fd);

     audit_request_status requests that the kernel send
status structure describing various settings. The
audit_status structure is as follows:

     struct audit_status {
        __u32   mask;           /* Bit mask for valid entries */
        __u32   enabled;        /* 1 = enabled, 0 = disabled */
        __u32   failure;        /* Failure‐to‐log action */
        __u32   pid;            /* pid of auditd process */
        __u32   rate_limit;     /* messages rate limit (per second) */
        __u32   backlog_limit;  /* waiting messages limit */
        __u32   lost;           /* messages lost */
        __u32   backlog;        /* messages waiting in queue */

The return value is <= 0 on error, otherwise it is the
netlink sequence id number. This function can have any error
that sendto would encounter.

audit_open(3), auditd(8).

Steve Grubb