Send a message to audit.log

Steve Grubb sgrubb at redhat.com
Sat Feb 2 10:36:04 UTC 2019


On Fri, 1 Feb 2019 17:03:49 -0600
Wajih Ul Hassan <wajih.lums at gmail.com> wrote:

> Hi,
> Hi, I have a C application which needs to send a message to audit.log
> from userspace. I have been using `auditctl -m` format to send a
> message to audit.log using the `system` command, but it seems to degrade
> the performance of my application a lot.
> My question is: is there any API to send a message programmatically from
> my application that is more efficient and robust?

Burn had some good advice. But if you really want to send an audit
event, then you might look at the general advice here:

https://github.com/linux-audit/audit-documentation/wiki/SPEC-Writing-Good-Events

First, you need to pick an event type. If it's purely for your app, then
AUDIT_TRUSTED_APP is for you. Then you need to find the right logging
function for your event. I'd suggest looking at the available functions
at the bottom of /usr/include/libaudit.h. Probably
audit_log_user_message is your logging API unless it's an account or
command message.

-Steve
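
An added example, not part of the original message or of the audit project's code: one way to replace the per-event `system("auditctl -m ...")` call with a single `audit_open()` and repeated `audit_log_user_message()` calls of type AUDIT_TRUSTED_APP. The `USE_LIBAUDIT` build switch, the `op`/`item` field names, the sample values and the value filter are assumptions of this example; the process needs CAP_AUDIT_WRITE for the record to be accepted.

```c
#include <stdio.h>
#include <string.h>
#ifdef USE_LIBAUDIT   /* example's own switch: cc -DUSE_LIBAUDIT demo.c -laudit */
#include <libaudit.h>
#endif
/* Assumed filter: reject bytes that could split or forge name=value fields. */
static int value_ok(const char *v)
{
    if (v == NULL || *v == '\0')
        return 0;
    for (; *v; v++)
        if ((unsigned char)*v <= ' ' || *v == '"' || *v == '\'' || *v == 0x7f)
            return 0;
    return 1;
}

/* Build "op=<op> item=<item>" (hypothetical fields); -1 if unsafe or truncated. */
int build_app_msg(char *buf, size_t len, const char *op, const char *item)
{
    int n;
    if (!value_ok(op) || !value_ok(item))
        return -1;
    n = snprintf(buf, len, "op=%s item=%s", op, item);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Send one AUDIT_TRUSTED_APP record; > 0 on success, <= 0 on failure. */
int log_app_event(int audit_fd, const char *op, const char *item, int ok)
{
    char msg[256];
    if (build_app_msg(msg, sizeof(msg), op, item) != 0)
        return -1;
#ifdef USE_LIBAUDIT
    return audit_log_user_message(audit_fd, AUDIT_TRUSTED_APP, msg, NULL, NULL, NULL, ok);
#else
    (void)audit_fd; (void)ok;
    return -1;   /* built without libaudit: nothing is sent */
#endif
}

int main(void)
{
#ifdef USE_LIBAUDIT
    int fd = audit_open();   /* open once, reuse for every event */
    if (fd < 0 || log_app_event(fd, "config-reload", "/etc/myapp.conf", 1) <= 0)
        fprintf(stderr, "audit event not sent (CAP_AUDIT_WRITE needed)\n");
    if (fd >= 0) audit_close(fd);
#endif
    return 0;
}
```
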



