Unix/Linux Go Back    


CentOS 7.0 - man page for audit_add_rule_data (centos section 3)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


AUDIT_ADD_RULE_DATA(3)			 Linux Audit API		   AUDIT_ADD_RULE_DATA(3)

NAME
       audit_add_rule_data - Add new audit rule

SYNOPSIS
       #include <libaudit.h>

       int audit_add_rule_data (int fd, struct audit_rule_data *rule, int flags, int action);

DESCRIPTION
       audit_add_rule adds an audit rule previously constructed with audit_rule_fieldpair_data(3)
       to one of several kernel event filters. The filter is specified	by  the  flags	argument.
       Possible values for flags are:

       o  AUDIT_FILTER_USER - Apply rule to userspace generated messages.

       o  AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).

       o  AUDIT_FILTER_EXIT - Apply rule at syscall exit.

       o  AUDIT_FILTER_TYPE - Apply rule at audit_log_start.

       The rule's action has two possible values:

       o  AUDIT_NEVER - Do not build context if rule matches.

       o  AUDIT_ALWAYS - Generate audit record if rule matches.

RETURN VALUE
       The  return  value  is <= 0 on error, otherwise it is the netlink sequence id number. This
       function can have any error that sendto would encounter.

SEE ALSO
       audit_rule_fieldpair_data(3), audit_delete_rule_data(3), auditctl(8).

AUTHOR
       Steve Grubb.

Red Hat 				     Aug 2009			   AUDIT_ADD_RULE_DATA(3)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 08:39 AM.