audit_add_rule(3) - Linux man page
Name
audit_add_rule - Add new auditing rule
Synopsis
#include <libaudit.h>
int audit_add_rule (int fd, struct audit_rule *rule, int flags, int action);
Description
audit_add_rule uses the function audit_send to add a new rule for auditing. audit_add_rule stores flags and action in the audit_rule structure and then makes a call to audit_send (fd, AUDIT_ADD, rule, sizeof(*rule)). Possible values for flags are:
• AUDIT_PER_TASK
• AUDIT_AT_ENTRY
• AUDIT_AT_EXIT
Possible values for action are:
• AUDIT_NEVER
• AUDIT_POSSIBLE
• AUDIT_ALWAYS
Return Value
The return value is equal to the return value from audit_send.
Examples
/* Sample code */
flags = AUDIT_PER_TASK;
action = AUDIT_ALWAYS;
audit_add_rule(fd, &rule, flags, action);
See Also
audit_send(3), audit_delete_rule(3), auditctl(8).
Author
Debora Velarde.