Header files for libaudit
http://people.redhat.com/sgrubb/audit/
The audit-libs-devel package contains the header files needed for
developing applications that need to use the audit framework libraries.
Version: 4.0.1
See also: audit, audit-libs, audit-rules.
Library Functions | |
| audit_add_rule_data | Add new audit rule |
| audit_add_watch | create a rule layout for a watch |
| audit_close | Close the audit netlink socket connection |
| audit_delete_rule_data | Delete audit rule |
| audit_detect_machine | Detects the current machine type |
| audit_encode_nv_string | encode a name/value pair in a string |
| audit_encode_value | encode input string to ASCII code string |
| audit_flag_to_name | Convert the numeric rule-matching filter value to the rule-matching filter name |
| audit_fstype_to_name | Convert the numeric fstype value to the fstype name |
| audit_get_reply | Get the audit system's reply |
| audit_get_session | Get a program's login session id value |
| audit_getloginuid | Get a program's loginuid value |
| audit_is_enabled | judge whether auditing is enabled or not |
| audit_log_acct_message | log a user account message |
| audit_log_semanage_message | log a semanage message |
| audit_log_user_avc_message | log a user avc message |
| audit_log_user_comm_message | log a user message from a console app |
| audit_log_user_command | log a user command |
| audit_log_user_message | log a general user message |
| audit_name_to_action | Convert the action name to the numeric action value to each other |
| audit_name_to_errno | Convert the errno name and the numeric errno value to each other |
| audit_name_to_flag | Convert the rule-matching filter name to the numeric rule-matching filter value |
| audit_name_to_fstype | Convert the fstype name to the numeric fstype value |
| audit_name_to_syscall | Convert the syscall name to the numeric syscall value |
| audit_open | Open a audit netlink socket connection |
| audit_request_rules_list_data | Request list of current audit rules |
| audit_request_signal_info | Request signal info for the audit system |
| audit_request_status | Request status of the audit system |
| audit_set_backlog_limit | Set the audit backlog limit |
| audit_set_backlog_wait_time | Set the audit backlog wait time |
| audit_set_enabled | Enable or disable auditing |
| audit_set_failure | Set audit failure flag |
| audit_set_pid | Set audit daemon process ID |
| audit_set_rate_limit | Set audit rate limit |
| audit_setloginuid | Set a program's loginuid value |
| audit_syscall_to_name | Convert the numeric syscall value to the syscall name |
| audit_update_watch_perms | update permissions field of watch command |
| audit_value_needs_encoding | check a string to see if it needs encoding |
| auparse_add_callback | add a callback handler for notifications |
| auparse_destroy | release instance of parser |
| auparse_feed | feed data into parser |
| auparse_feed_age_events | check events for complete based on time. |
| auparse_feed_has_data | check if there is any data accumulating that might need flushing. |
| auparse_find_field | search for field name |
| auparse_find_field_next | find next occurrence of field name |
| auparse_first_field | reposition field cursor |
| auparse_first_record | reposition record cursor |
| auparse_flush_feed | flush any unconsumed feed data through parser. |
| auparse_get_field_int | get current field's value as an int |
| auparse_get_field_name | get current field's name |
| auparse_get_field_num | get current field cursor location |
| auparse_get_field_str | get current field's value |
| auparse_get_field_type | get current field's data type |
| auparse_get_filename | get the filename where record was found |
| auparse_get_line_number | get line number where record was found |
| auparse_get_milli | get the millisecond value of the event |
| auparse_get_node | get the event's machine node name |
| auparse_get_num_fields | get the number of fields |
| auparse_get_num_records | get the number of records |
| auparse_get_record_num | get current record cursor location |
| auparse_get_record_text | access unparsed record data |
| auparse_get_serial | get the event's serial number |
| auparse_get_time | get event's time |
| auparse_get_timestamp | access timestamp of the event |
| auparse_get_type | get record's type |
| auparse_get_type_name | get record's type translation |
| auparse_goto_field_num | move field cursor to specific field |
| auparse_goto_record_num | move record cursor to specific record |
| auparse_init | initialize an instance of the audit parsing library |
| auparse_interpret_field | get current field's interpreted value |
| auparse_metrics | get some metrics about auparse |
| auparse_new_buffer | replace the buffer in the parser |
| auparse_next_event | get the next event |
| auparse_next_field | move field cursor |
| auparse_next_record | move record cursor |
| auparse_node_compare | compares node name values |
| auparse_normalize | normalize the current event |
| auparse_normalize_functions | Access normalized fields |
| auparse_reset | reset audit parser instance |
| auparse_set_eoe_timeout | set the end of event timeout value |
| auparse_set_escape_mode | choose escape method |
| auparse_timestamp_compare | compares timestamp values |
| ausearch_add_expression | build up search expression |
| ausearch_add_interpreted_item | build up search rule |
| ausearch_add_item | build up search rule |
| ausearch_add_regex | use regular expression search rule |
| ausearch_add_timestamp_item | build up search rule |
| ausearch_add_timestamp_item_ex | build up search rule |
| ausearch_clear | clear search parameters |
| ausearch_cur_event | check if the current event meets search criteria |
| ausearch_next_event | find the next event that meets search criteria |
| ausearch_set_stop | set the cursor position |
| get_auditfail_action | Get failure_action tunable value |
| set_aumessage_mode | Sets the message mode |
File Formats | |
| ausearch-expression | audit search expression format |