Manpages - audit_set_failure.3

audit_set_failure - Set audit failure flag

#include <libaudit.h>

int audit_set_failure(int fd, uint32_t failure);

audit_set_failure sets the action that the kernel will perform when the backlog limit is reached or when it encounters an error and cannot proceed. Possible values are:

0 - AUDIT_FAIL_SILENT

Do nothing, report nothing, skip logging the record and continue.

1 - AUDIT_FAIL_PRINTK [default]

Log the audit record using printk which will cause subsequent events to get written to syslog.

2 - AUDIT_FAIL_PANIC

Call the panic function. This would be used to prevent use of the machine upon loss of audit events.

The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.

*audit_set_backlog_limit*(3), *audit_open*(3), *auditd*(8), *auditctl*(8).

Steve Grubb