Man Linux: Main Page and Category List

NAME

       audit_set_enabled - Enable or disable auditing

SYNOPSIS

       #include <libaudit.h>

       int audit_set_enabled (int fd, int enabled);

DESCRIPTION

       audit_set_enabled is used to control whether or not the audit system is
       active. When the audit system is enabled  (enabled  set  to  1),  every
       syscall  will  pass through the audit system to collect information and
       potentially trigger an event.

       If the audit system is disabled (enabled set to  0),  syscalls  do  not
       enter  the  audit  system  and  no data is collected. There may be some
       events generated by MAC subsystems like SE Linux even though the  audit
       system  is  disabled.  It is possible to suppress those events, too, by
       adding an audit rule with flags set to AUDIT_FILTER_TYPE.

RETURN VALUE

       The return value is <= 0 on error, otherwise it is the netlink sequence
       id  number.  This  function  can  have  any  error  that  sendto  would
       encounter.

SEE ALSO

       audit_add_rule_data(3), auditd(8).

AUTHOR

       Steve Grubb