Your company here — click to reach over 10,000 unique daily visitors

audit_add_rule_data - Man Page

Add new audit rule


#include <libaudit.h>

int audit_add_rule_data(int fd, struct audit_rule_data *rule, int flags, int action);


audit_add_rule_data adds an audit rule previously constructed with audit_rule_fieldpair_data(3) to one of several kernel event filters. The filter is specified by the flags argument. Possible values for flags are:

The rule's action has two possible values:

Return Value

The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.

See Also

audit_rule_fieldpair_data(3), audit_delete_rule_data(3), auditctl(8).


Steve Grubb.

Referenced By

audit_add_watch(3), audit_delete_rule_data(3), audit_request_rules_list_data(3), audit_set_enabled(3), audit_update_watch_perms(3).

Aug 2009 Red Hat Linux Audit API