AUDIT_OPEN(3) Linux Audit API AUDIT_OPEN(3)

audit_open - Open a audit netlink socket connection

#include <libaudit.h>

int audit_open(void);

audit_open creates a NETLINK_AUDIT socket for communication with the kernel part of the Linux Audit Subsystem. The audit system uses the ACK feature of netlink. This means that every message to the kernel will return a netlink status packet even if the operation succeeds.

Returns -1 if an error occurs; otherwise, the return value is a descriptor referencing the socket.

The audit_open() function may fail and set errno for any of the errors specified for the socket(2) and fcntl(2) routines.

netlink(7).

Steve Grubb

Oct 2006 Red Hat