audit_set_enabled(3) — Linux manual page
AUDIT_SET_ENABLED(3) Linux Audit API AUDIT_SET_ENABLED(3)
NAME
audit_set_enabled - Enable or disable auditing
SYNOPSIS
#include <libaudit.h>
int audit_set_enabled(int fd, uint32_t enabled);
DESCRIPTION
audit_set_enabled is used to control whether or not the audit
system is active. When the audit system is enabled (enabled set
to 1), every syscall will pass through the audit system to
collect information and potentially trigger an event.
If the audit system is disabled (enabled set to 0), syscalls do
not enter the audit system and no data is collected. There may be
some events generated by MAC subsystems like SE Linux even though
the audit system is disabled. It is possible to suppress those
events, too, by adding an audit rule with flags set to
AUDIT_FILTER_EXCLUDE
RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink
sequence id number. This function can have any error that sendto
would encounter.
SEE ALSO
audit_add_rule_data(3), auditd(8).
AUTHOR
Steve Grubb
COLOPHON
This page is part of the audit (Linux Audit) project.
Information about the project can be found at
⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug
report for this manual page, send it to linux-audit@redhat.com.
This page was obtained from the project's upstream Git repository
⟨https://github.com/linux-audit/audit-userspace.git⟩ on
2024-06-14. (At that time, the date of the most recent commit
that was found in the repository was 2024-06-12.) If you
discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original
manual page), send a mail to man-pages@man7.org
Red Hat Oct 2006 AUDIT_SET_ENABLED(3)
Pages that refer to this page: audit_is_enabled(3)