NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | SEE ALSO | AUTHOR | COLOPHON |
|
|
AUDIT_GET_FEATURES(3) Linux Audit API AUDIT_GET_FEATURES(3)
audit_get_features, audit_set_feature - query or change kernel audit features
#include <libaudit.h> uint32_t audit_get_features(void); int audit_set_feature(int fd, unsigned feature, unsigned value, unsigned lock);"
audit_get_features() returns a bitmap describing which kernel audit features are supported. The bitmap is cached internally and retrieved from the kernel on the first call. audit_set_feature() changes a feature bit for the kernel using the descriptor fd which must be an open audit netlink socket. feature selects the bit to modify. If value is nonzero the feature is enabled, otherwise it is disabled. If lock is nonzero the feature setting is locked until reboot. The feature bits currently defined are: AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT Kernel supports changing the backlog queue depth. AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME Kernel supports delaying syscalls when the queue is full. AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH Kernel will include the executable path on EXECVE records. AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND Exclude rules may be used with more fields than just message type. AUDIT_FEATURE_BITMAP_SESSIONID_FILTER Session identifier filtering is supported. AUDIT_FEATURE_BITMAP_LOST_RESET Allows resetting the lost event counter. AUDIT_FEATURE_BITMAP_FILTER_FS Kernel supports file system field filtering.
audit_get_features returns the feature bitmap or 0 if feature queries are unsupported. audit_set_feature returns <= 0 on error, otherwise it is the netlink sequence id number.
audit_request_features(3), audit_reset_lost(3), audit_open(3).
Steve Grubb
This page is part of the audit (Linux Audit) project. Information
about the project can be found at
⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug report
for this manual page, send it to [email protected]. This
page was obtained from the project's upstream Git repository
⟨https://github.com/linux-audit/audit-userspace.git⟩ on
2025-08-11. (At that time, the date of the most recent commit
that was found in the repository was 2025-08-09.) If you discover
any rendering problems in this HTML version of the page, or you
believe there is a better or more up-to-date source for the page,
or you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a
mail to [email protected]
Red Hat July 2025 AUDIT_GET_FEATURES(3)
Pages that refer to this page: audit_request_features(3), audit_reset_lost(3), audit_set_loginuid_immutable(3)