Wajih, Try man audit_log_user_messageand note the need for CAP_AUDIT_WRITE ability (see auditctl(8)) That said. Is there a reason you want a message going into the system kernel logging mechanism? The only reason why I ask is, if your audit rules posture is aggressive (many rules that fire) then you could will slow down your application as it waits to insert a message into the NETLINK_SOCKET is uses. On *nix, syslog is the normal destination for application event logs. By separating your application logs from operating system logs, you can more efficiently post process them. RegardsOn Fri, 2019-02-01 at 17:03 -0600, Wajih Ul Hassan wrote: > Hi, > Hi, I have a C application which needs to send a message to audit.log from > userspace. I have been using `auditctl -m` format to send a message to > audit.log > using `system` command but it seems to degrade performance a lot of my > application. > My question is there any API to send a message programmatically from my > application which is more efficient and robust. > Thanks, > Wajih > > --Linux-audit mailing [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
