centos man page for audit_add_rule_data


AUDIT_ADD_RULE_DATA(3)						  Linux Audit API					    AUDIT_ADD_RULE_DATA(3)

NAME
audit_add_rule_data - Add new audit rule
SYNOPSIS
#include <libaudit.h>

int audit_add_rule_data (int fd, struct audit_rule_data *rule, int flags, int action);
DESCRIPTION
audit_add_rule_data adds an audit rule previously constructed with audit_rule_fieldpair_data(3) to one of several kernel event filters. The filter is specified by the flags argument. Possible values for flags are:

o AUDIT_FILTER_USER - Apply rule to userspace generated messages.
o AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).
o AUDIT_FILTER_EXIT - Apply rule at syscall exit.
o AUDIT_FILTER_TYPE - Apply rule at audit_log_start.

The rule's action has two possible values:

o AUDIT_NEVER - Do not build context if rule matches.
o AUDIT_ALWAYS - Generate audit record if rule matches.
RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.
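
Because 0 is an error here as well as negative values, a caller that only tests `rc < 0` will treat a failed rule load as success. The wrapper below is an added example, not part of this man page or of libaudit: `add_rule_fn`, `checked_add_rule`, `stub_add` and `demo` are hypothetical names, and the library call is passed in as a function pointer so the logic can be run unprivileged against a constructed stub. In real use, pass `audit_add_rule_data` itself together with an open audit netlink descriptor.

```c
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h> /* AUDIT_FILTER_*, AUDIT_NEVER, AUDIT_ALWAYS, struct audit_rule_data */

/* Same signature as audit_add_rule_data(3); pass that function in real use. */
typedef int (*add_rule_fn)(int fd, struct audit_rule_data *rule, int flags, int action);

/* Hypothetical wrapper: returns the netlink sequence id (> 0) or a negative value, never 0. */
int checked_add_rule(add_rule_fn add, int fd, struct audit_rule_data *rule,
                     int flags, int action)
{
    int rc;
    if (add == NULL || rule == NULL || fd < 0)
        return -EINVAL;
    switch (flags) {            /* accept only the filters this page lists */
    case AUDIT_FILTER_USER:
    case AUDIT_FILTER_TASK:
    case AUDIT_FILTER_EXIT:
    case AUDIT_FILTER_TYPE:
        break;
    default:
        return -EINVAL;
    }
    if (action != AUDIT_NEVER && action != AUDIT_ALWAYS)
        return -EINVAL;         /* not one of the two documented actions */

    rc = add(fd, rule, flags, action);
    if (rc > 0)
        return rc;              /* success: netlink sequence id */
    return rc < 0 ? rc : -EIO;  /* the page defines <= 0 as error, so 0 must not pass */
}

/* Constructed stand-in for the library call so the wrapper can be run unprivileged. */
static int stub_rc, stub_calls;
static int stub_add(int fd, struct audit_rule_data *rule, int flags, int action)
{
    (void)fd; (void)rule; (void)flags; (void)action;
    stub_calls++;
    return stub_rc;
}

/* Drive the wrapper with a chosen library return value; fd 3 is a constructed value. */
int demo(int library_rc, int flags, int action)
{
    struct audit_rule_data rule = { 0 };
    stub_rc = library_rc;
    return checked_add_rule(stub_add, 3, &rule, flags, action);
}
```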
SEE ALSO
audit_rule_fieldpair_data(3), audit_delete_rule_data(3), auditctl(8).
AUTHOR
Steve Grubb.

Red Hat								     Aug 2009					    AUDIT_ADD_RULE_DATA(3)