audit_log_rule_change

Name:Log rule additions and removals

Proto:static void audit_log_rule_change(char *action, struct audit_krule *rule, int res)

Type:void

Parameter:

Type	Parameter	Name
char *	action
struct audit_krule *	rule
int	res

1102

If Not audit_enabled Then Return

1105

ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error

1106

If Not ab Then Return

1108

audit_log_session_info(ab)

1109

audit_log_task_context(ab)

1110

audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.

1111

audit_log_key(ab, ties events to rules )

1112

audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.

1113

audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove

**Caller**
Name	Describe
audit_rule_change	audit_rule_change - apply all rules to the specified message type@type: audit message type@seq: netlink audit message sequence (serial) number@data: payload data@datasz: size of payload data

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion