NAME
audit_set_enabled - Enable or disable auditing
SYNOPSIS
#include <libaudit.h>
int audit_set_enabled (int fd, int enabled);
DESCRIPTION
audit_set_enabled is used to control whether or not the audit system is active.
When the audit system is enabled (enabled set to 1), every syscall will pass
through the audit system to collect information and potentially trigger an
event.
If the audit system is disabled (enabled set to 0), syscalls do not enter the
audit system and no data is collected. There may be some events generated by
MAC subsystems like SELinux even though the audit system is disabled. It is
possible to suppress those events, too, by adding an audit rule with flags set
to AUDIT_FILTER_TYPE.
RETURN VALUE
The return value is <= 0 on error, otherwise it is the netlink sequence id
number. This function can have any error that sendto would encounter.
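The request behind this call, written against the raw netlink socket to show why the result is a sequence number and why sendto errors surface. This is an added example, not code from libaudit or from this page: it assumes the library sends an AUDIT_SET message whose audit_status has mask AUDIT_STATUS_ENABLED, and build_set_enabled and send_set_enabled are hypothetical helper names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/netlink.h>
#include <linux/audit.h>

/* AUDIT_SET request: netlink header followed by the kernel's audit_status. */
struct audit_set_req { struct nlmsghdr nlh; struct audit_status st; };

/* Build a request that changes only the "enabled" field (selected by mask). */
static void build_set_enabled(struct audit_set_req *req, uint32_t enabled, uint32_t seq)
{
    memset(req, 0, sizeof(*req));
    req->nlh.nlmsg_len = NLMSG_LENGTH(sizeof(req->st));
    req->nlh.nlmsg_type = AUDIT_SET;
    req->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    req->nlh.nlmsg_seq = seq;
    req->st.mask = AUDIT_STATUS_ENABLED;
    req->st.enabled = enabled;
}

/* Send the request and read the ACK. Returns seq, or -1 with errno set
 * (a sendto(2) failure, or the ACK's error such as EPERM without CAP_AUDIT_CONTROL). */
static int send_set_enabled(int fd, uint32_t enabled, uint32_t seq)
{
    struct audit_set_req req;
    struct { struct nlmsghdr nlh; struct nlmsgerr err; } ack;
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK }; /* nl_pid 0: kernel */
    ssize_t n;
    build_set_enabled(&req, enabled, seq);
    if (sendto(fd, &req, req.nlh.nlmsg_len, 0, (struct sockaddr *)&kernel, sizeof(kernel)) < 0)
        return -1;
    if ((n = recv(fd, &ack, sizeof(ack), 0)) < 0) return -1;
    if (n < (ssize_t)sizeof(ack)) { errno = EBADMSG; return -1; }
    if (ack.nlh.nlmsg_type == NLMSG_ERROR && ack.err.error != 0) { errno = -ack.err.error; return -1; }
    return (int)seq;
}

int main(void)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    int rc = fd < 0 ? -1 : send_set_enabled(fd, 1, 1); /* 1 = enable auditing */
    if (rc <= 0) perror("audit set enabled");
    else printf("auditing enabled, netlink sequence id %d\n", rc);
    if (fd >= 0) close(fd);
    return rc <= 0;
}
```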
SEE ALSO
audit_add_rule_data(3),
auditd(8).
AUTHOR
Steve Grubb