audit_set_enabled is used to control whether or not the audit system
is active. When the audit system is enabled (enabled set to 1), every
syscall will pass through the audit system to collect information and
potentially trigger an event.
If the audit system is disabled (enabled set to 0), syscalls do not
enter the audit system and no data is collected. There may be some
events generated by MAC subsystems like SELinux even though the
audit system is disabled. It is possible to suppress those events,
too, by adding an audit rule with flags set to AUDIT_FILTER_TYPE.
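
The request that carries the enabled flag to the kernel can be built by hand with the kernel's uapi headers. The following is an added example, not code from the audit project; the struct audit_set_req and the helper build_set_enabled are hypothetical names, and the request is only constructed, never sent.

```c
/* Added example: builds (does not send) an AUDIT_SET netlink request
 * that changes only the "enabled" flag. Names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/netlink.h>
#include <linux/audit.h>

/* One AUDIT_SET request: netlink header followed by struct audit_status. */
struct audit_set_req {
    struct nlmsghdr     hdr;
    struct audit_status status;
};

/* Fill *req for the given enabled flag. Returns 0 on success, -1 if req
 * is NULL or the value is not one of the two this page describes (0, 1). */
int build_set_enabled(struct audit_set_req *req, uint32_t enabled, uint32_t seq)
{
    if (req == NULL || enabled > 1)
        return -1;
    memset(req, 0, sizeof(*req));
    req->hdr.nlmsg_len   = NLMSG_LENGTH(sizeof(req->status));
    req->hdr.nlmsg_type  = AUDIT_SET;
    req->hdr.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    req->hdr.nlmsg_seq   = seq;
    /* mask selects which audit_status fields the kernel applies; with only
     * AUDIT_STATUS_ENABLED set, the other status fields are left alone. */
    req->status.mask    = AUDIT_STATUS_ENABLED;
    req->status.enabled = enabled;
    return 0;
}

int main(void)
{
    struct audit_set_req req;

    if (build_set_enabled(&req, 1, 1) != 0)
        return 1;
    printf("type=%u len=%u mask=0x%x enabled=%u\n",
           (unsigned)req.hdr.nlmsg_type, (unsigned)req.hdr.nlmsg_len,
           (unsigned)req.status.mask, (unsigned)req.status.enabled);
    return 0;
}
```

Sending such a request needs a NETLINK_AUDIT socket and CAP_AUDIT_CONTROL, so an unprivileged process cannot switch the audit system off this way.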
This page is part of the audit (Linux Audit) project. Information
about the project can be found at
⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug report
for this manual page, send it to email@example.com. This page
was obtained from the project's upstream Git repository
⟨https://github.com/linux-audit/audit-userspace.git⟩ on 2017-03-13.
Red Hat Oct 2006 AUDIT_SET_ENABLED(3)