AUDIT_SET_ENABLED(3)           Linux Audit API          AUDIT_SET_ENABLED(3)

NAME         top

       audit_set_enabled - Enable or disable auditing

SYNOPSIS         top

       #include <libaudit.h>

       int audit_set_enabled (int fd, int enabled);

DESCRIPTION         top

       audit_set_enabled is used to control whether or not the audit system
       is active. When the audit system is enabled (enabled set to 1), every
       syscall will pass through the audit system to collect information and
       potentially trigger an event.

       If the audit system is disabled (enabled set to 0), syscalls do not
       enter the audit system and no data is collected. There may be some
       events generated by MAC subsystems like SE Linux even though the
       audit system is disabled. It is possible to suppress those events,
       too, by adding an audit rule with flags set to AUDIT_FILTER_TYPE.

RETURN VALUE         top

       The return value is <= 0 on error, otherwise it is the netlink
       sequence id number. This function can have any error that sendto
       would encounter.

SEE ALSO         top

       audit_add_rule_data(3), auditd(8).

AUTHOR         top

       Steve Grubb

COLOPHON         top

       This page is part of the audit (Linux Audit) project.  Information
       about the project can be found at 
       ⟨⟩.  If you have a bug report
       for this manual page, send it to  This page
       was obtained from the project's upstream Git repository 
       ⟨⟩ on 2017-03-13.
       If you discover any rendering problems in this HTML version of the
       page, or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the information
       in this COLOPHON (which is not part of the original manual page),
       send a mail to

Red Hat                           Oct 2006              AUDIT_SET_ENABLED(3)