
AUDIT_ADD_RULE_DATA(3)         Linux Audit API        AUDIT_ADD_RULE_DATA(3)

NAME

       audit_add_rule_data - Add new audit rule

SYNOPSIS

       #include <libaudit.h>

       int audit_add_rule_data (int fd, struct audit_rule_data *rule, int
       flags, int action);

DESCRIPTION

       audit_add_rule_data adds an audit rule previously constructed with
       audit_rule_fieldpair_data(3) to one of several kernel event filters.
       The filter is specified by the flags argument. Possible values for
       flags are:

       ·  AUDIT_FILTER_USER - Apply rule to userspace generated messages.

       ·  AUDIT_FILTER_TASK - Apply rule at task creation (not syscall).

       ·  AUDIT_FILTER_EXIT - Apply rule at syscall exit.

       ·  AUDIT_FILTER_TYPE - Apply rule at audit_log_start.

       The rule's action has two possible values:

       ·  AUDIT_NEVER - Do not build context if rule matches.

       ·  AUDIT_ALWAYS - Generate audit record if rule matches.

RETURN VALUE

       The return value is <= 0 on error, otherwise it is the netlink
       sequence id number. This function can have any error that sendto
       would encounter.

SEE ALSO

       audit_rule_fieldpair_data(3), audit_delete_rule_data(3), auditctl(8).

AUTHOR

       Steve Grubb.

COLOPHON

       This page is part of the audit (Linux Audit) project.  Information
       about the project can be found at 
       ⟨http://people.redhat.com/sgrubb/audit/⟩.  If you have a bug report
       for this manual page, send it to linux-audit@redhat.com.  This page
       was obtained from the project's upstream Git repository 
       ⟨https://github.com/linux-audit/audit-userspace.git⟩ on 2017-03-13.
       If you discover any rendering problems in this HTML version of the
       page, or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the information
       in this COLOPHON (which is not part of the original manual page),
       send a mail to man-pages@man7.org.

Red Hat                           Aug 2009            AUDIT_ADD_RULE_DATA(3)