Query: audit_add_rule_data
OS: debian
Section: 3
Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar
AUDIT_ADD_RULE_DATA(3) Linux Audit API AUDIT_ADD_RULE_DATA(3)NAMEaudit_add_rule_data - Add new audit ruleSYNOPSIS#include <libaudit.h> int audit_add_rule_data (int fd, struct audit_rule_data *rule, int flags, int action);DESCRIPTIONaudit_add_rule adds an audit rule to one of several kernel event filters. The filter is specified by the flags argument. Possible values for flags are: o AUDIT_FILTER_USER - Apply rule to userspace generated messages. o AUDIT_FILTER_TASK - Apply rule at task creation (not syscall). o AUDIT_FILTER_ENTRY - Apply rule at syscall entry. o AUDIT_FILTER_WATCH - Apply rule to file system watches. o AUDIT_FILTER_EXIT - Apply rule at syscall exit. o AUDIT_FILTER_TYPE - Apply rule at audit_log_start. The rule's action has two possible values: o AUDIT_NEVER - Do not build context if rule matches. o AUDIT_ALWAYS - Generate audit record if rule matches.RETURN VALUEThe return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.SEE ALSOaudit_delete_rule_data(3), audit_add_watch(3), auditctl(8).AUTHORSteve Grubb. Red Hat Oct 2006 AUDIT_ADD_RULE_DATA(3)
| Related Man Pages | 
|---|
| audit_add_rule_data(3) - centos | 
| ausearch_add_item(3) - debian | 
| ausyscall(8) - debian | 
| audit_set_failure(3) - centos | 
| ausearch_add_item(3) - suse | 
| Similar Topics in the Unix Linux Community | 
|---|
| pptp / pf issue | 
| Broken the cardinal rule | 
| Solaris - cediag replacement of DIMMS | 
| Allow port range using IPsec? | 
| GIMMICK OF THE WEEK - Tell a joke to win bits |