audit_set_enabled






audit_set_enabled − Enable or disable auditing



#include <libaudit.h>

int audit_set_enabled (int fd, int enabled);





audit_set_enabled is used to control whether or not the
audit system is active. When the audit system is enabled
(enabled set to 1), every syscall will pass through the
audit system to collect information and potentially trigger
an event.

If the audit system is disabled (enabled set to 0), syscalls
do not enter the audit system and no data is collected.
MAC subsystems such as SELinux may still generate some events
even though the audit system is disabled. Those events can
be suppressed as well by adding an audit rule with flags set
to AUDIT_FILTER_TYPE.





The return value is <= 0 on error, otherwise it is the
netlink sequence id number. This function can fail with any
error that sendto would encounter.
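
The netlink request that corresponds to this call, as an added example (not libaudit's code and not part of the original page): it builds an AUDIT_SET message from the kernel's <linux/audit.h> definitions, sends it with sendto, and returns the sequence number or a value <= 0. The names set_enabled_req, build_set_enabled and send_set_enabled are illustrative, and reading the acknowledgement with one blocking recv is an assumption of this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/audit.h>

/* AUDIT_SET request: netlink header followed by struct audit_status. */
struct set_enabled_req {
    struct nlmsghdr nlh;
    struct audit_status st;
};

/* Build a request that changes only the "enabled" field (mask selects it). */
static void build_set_enabled(struct set_enabled_req *r, unsigned seq, unsigned enabled)
{
    memset(r, 0, sizeof(*r));
    r->nlh.nlmsg_len = NLMSG_LENGTH(sizeof(r->st));
    r->nlh.nlmsg_type = AUDIT_SET;
    r->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    r->nlh.nlmsg_seq = seq;
    r->st.mask = AUDIT_STATUS_ENABLED;
    r->st.enabled = enabled;
}

/* Send it and read the kernel's ack. Returns seq on success, <= 0 on error. */
static int send_set_enabled(int fd, unsigned seq, unsigned enabled)
{
    struct set_enabled_req req;
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK }; /* nl_pid 0 = kernel */
    union { struct nlmsghdr h; char raw[512]; } ack;

    build_set_enabled(&req, seq, enabled);
    if (sendto(fd, &req, req.nlh.nlmsg_len, 0, (struct sockaddr *)&kernel, sizeof(kernel)) < 0)
        return -errno;                        /* any sendto() failure */
    if (recv(fd, &ack, sizeof(ack), 0) < (ssize_t)NLMSG_LENGTH(sizeof(struct nlmsgerr)))
        return -EIO;
    if (ack.h.nlmsg_type != NLMSG_ERROR)
        return -EIO;
    /* error == 0 is a plain ack; negative errno, e.g. -EPERM without CAP_AUDIT_CONTROL */
    int err = ((struct nlmsgerr *)NLMSG_DATA(&ack.h))->error;
    return err ? err : (int)seq;
}

int main(void)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    if (fd < 0) { perror("socket"); return 1; }
    int rc = send_set_enabled(fd, 1, 1);      /* second 1 = enable auditing */
    if (rc > 0) printf("auditing enabled, seq %d\n", rc);
    else fprintf(stderr, "AUDIT_SET failed: %s\n", strerror(-rc));
    close(fd);
    return rc > 0 ? 0 : 1;
}
```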




See also: audit_add_rule_data(3), auditd(8).


Author: Steve Grubb