bionic (3) audit_set_enabled.3.gz

Provided by: libaudit-dev_2.8.2-1ubuntu1.1_amd64 bug

NAME
       audit_set_enabled - Enable or disable auditing


SYNOPSIS
       #include <libaudit.h>

       int audit_set_enabled (int fd, int enabled);


DESCRIPTION
       audit_set_enabled  is used to control whether or not the audit system is active. When the audit system is
       enabled (enabled set to 1), every syscall will pass through the audit system to collect  information  and
       potentially trigger an event.

       If the audit system is disabled (enabled set to 0), syscalls do not enter the audit system and no data is
       collected. There may be some events generated by MAC subsystems like  SE  Linux  even  though  the  audit
       system  is disabled. It is possible to suppress those events, too, by adding an audit rule with flags set
       to AUDIT_FILTER_TYPE.


RETURN VALUE
       The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have
       any error that sendto would encounter.


SEE ALSO
       audit_add_rule_data(3), auditd(8).


AUTHOR
       Steve Grubb