audit_set_enabled

AUDIT_SET_ENABLED(3)            Linux Audit API           AUDIT_SET_ENABLED(3)



NAME
       audit_set_enabled - Enable or disable auditing

SYNOPSIS
       #include <libaudit.h>

       int audit_set_enabled (int fd, int enabled);


DESCRIPTION
       audit_set_enabled is used to control whether or not the audit system is
       active. When the audit system is enabled (enabled set to 1), every
       syscall will pass through the audit system to collect information and
       potentially trigger an event.

       If the audit system is disabled (enabled set to 0), syscalls do not
       enter the audit system and no data is collected. There may be some
       events generated by MAC subsystems like SE Linux even though the audit
       system is disabled. It is possible to suppress those events, too, by
       adding an audit rule with flags set to AUDIT_FILTER_EXCLUDE


RETURN VALUE
       The return value is <= 0 on error, otherwise it is the netlink sequence
       id number. This function can have any error that sendto would
       encounter.


SEE ALSO
       audit_add_rule_data(3), auditd(8).


AUTHOR
       Steve Grubb



Red Hat                            Oct 2006               AUDIT_SET_ENABLED(3)