AUDIT_SET_FAILURE(3) Linux Audit API AUDIT_SET_FAILURE(3)

NAME audit_set_failure - Set audit failure flag

SYNOPSIS #include <libaudit.h>

int audit_set_failure (int fd, int failure);

DESCRIPTION audit_set_failure sets the action that the kernel will perform when the backlog limit is reached or when it encounters an error and cannot pro- ceed. Possible values are:

0 - AUDIT_FAIL_PRINTK [default] Log the audit record using printk which will cause subsequent events to get written to syslog.

1 - AUDIT_FAIL_SILENT Do nothing, report nothing, skip logging the record and con- tinue.

2 - AUDIT_FAIL_PANIC Call the panic function. This would be used to prevent use of the machine upon loss of audit events.

RETURN VALUE The return value is <= 0 on error, otherwise it is the netlink sequence id number. This function can have any error that sendto would encounter.

SEE ALSO audit_set_backlog(3), audit_open(3), auditd(8), auditctl(8).

AUTHOR Steve Grubb

Red Hat Oct 2006 AUDIT_SET_FAILURE(3)