Package audit-libs-devel

Header files for libaudit

The audit-libs-devel package contains the header files needed for
developing applications that need to use the audit framework libraries.

Version: 4.0.1

See also: audit, audit-libs, audit-rules.

Library Functions

audit_add_rule_data Add new audit rule
audit_add_watch create a rule layout for a watch
audit_close Close the audit netlink socket connection
audit_delete_rule_data Delete audit rule
audit_detect_machine Detects the current machine type
audit_encode_nv_string encode a name/value pair in a string
audit_encode_value encode input string to ASCII code string
audit_flag_to_name Convert the numeric rule-matching filter value to the rule-matching filter name
audit_fstype_to_name Convert the numeric fstype value to the fstype name
audit_get_reply Get the audit system's reply
audit_get_session Get a program's login session id value
audit_getloginuid Get a program's loginuid value
audit_is_enabled judge whether auditing is enabled or not
audit_log_acct_message log a user account message
audit_log_semanage_message log a semanage message
audit_log_user_avc_message log a user avc message
audit_log_user_comm_message log a user message from a console app
audit_log_user_command log a user command
audit_log_user_message log a general user message
audit_name_to_action Convert the action name and the numeric action value to each other
audit_name_to_errno Convert the errno name and the numeric errno value to each other
audit_name_to_flag Convert the rule-matching filter name to the numeric rule-matching filter value
audit_name_to_fstype Convert the fstype name to the numeric fstype value
audit_name_to_syscall Convert the syscall name to the numeric syscall value
audit_open Open an audit netlink socket connection
audit_request_rules_list_data Request list of current audit rules
audit_request_signal_info Request signal info for the audit system
audit_request_status Request status of the audit system
audit_set_backlog_limit Set the audit backlog limit
audit_set_backlog_wait_time Set the audit backlog wait time
audit_set_enabled Enable or disable auditing
audit_set_failure Set audit failure flag
audit_set_pid Set audit daemon process ID
audit_set_rate_limit Set audit rate limit
audit_setloginuid Set a program's loginuid value
audit_syscall_to_name Convert the numeric syscall value to the syscall name
audit_update_watch_perms update permissions field of watch command
audit_value_needs_encoding check a string to see if it needs encoding
auparse_add_callback add a callback handler for notifications
auparse_destroy release instance of parser
auparse_feed feed data into parser
auparse_feed_age_events check events for completeness based on time
auparse_feed_has_data check if there is any data accumulating that might need flushing
auparse_find_field search for field name
auparse_find_field_next find next occurrence of field name
auparse_first_field reposition field cursor
auparse_first_record reposition record cursor
auparse_flush_feed flush any unconsumed feed data through parser
auparse_get_field_int get current field's value as an int
auparse_get_field_name get current field's name
auparse_get_field_num get current field cursor location
auparse_get_field_str get current field's value
auparse_get_field_type get current field's data type
auparse_get_filename get the filename where record was found
auparse_get_line_number get line number where record was found
auparse_get_milli get the millisecond value of the event
auparse_get_node get the event's machine node name
auparse_get_num_fields get the number of fields
auparse_get_num_records get the number of records
auparse_get_record_num get current record cursor location
auparse_get_record_text access unparsed record data
auparse_get_serial get the event's serial number
auparse_get_time get event's time
auparse_get_timestamp access timestamp of the event
auparse_get_type get record's type
auparse_get_type_name get record's type translation
auparse_goto_field_num move field cursor to specific field
auparse_goto_record_num move record cursor to specific record
auparse_init initialize an instance of the audit parsing library
auparse_interpret_field get current field's interpreted value
auparse_metrics get some metrics about auparse
auparse_new_buffer replace the buffer in the parser
auparse_next_event get the next event
auparse_next_field move field cursor
auparse_next_record move record cursor
auparse_node_compare compares node name values
auparse_normalize normalize the current event
auparse_normalize_functions Access normalized fields
auparse_reset reset audit parser instance
auparse_set_eoe_timeout set the end of event timeout value
auparse_set_escape_mode choose escape method
auparse_timestamp_compare compares timestamp values
ausearch_add_expression build up search expression
ausearch_add_interpreted_item build up search rule
ausearch_add_item build up search rule
ausearch_add_regex use regular expression search rule
ausearch_add_timestamp_item build up search rule
ausearch_add_timestamp_item_ex build up search rule
ausearch_clear clear search parameters
ausearch_cur_event check if the current event meets search criteria
ausearch_next_event find the next event that meets search criteria
ausearch_set_stop set the cursor position
get_auditfail_action Get failure_action tunable value
set_aumessage_mode Sets the message mode

File Formats

ausearch-expression audit search expression format