audit_watch_log_rule_change

Name:audit_watch_log_rule_change

Proto:static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watch *w, char *op)

Type:void

Parameter:

Type	Parameter	Name
struct audit_krule *	r
struct audit_watch *	w
char *	op

230

If Not audit_enabled Then Return

232

ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error

233

If Not ab Then Return

235

audit_log_session_info(ab)

236

audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.

237

audit_log_untrustedstring - log a string that may contain random characters*@ab: audit_buffer*@string: string to be logged* Same as audit_log_n_untrustedstring(), except that strlen is used to* determine string length.

238

audit_log_key(ab, ties events to rules )

239

audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.

240

audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove

**Caller**
Name	Describe
audit_update_watch	Update inode info in audit rules based on filesystem event.
audit_remove_parent_watches	Remove all watches & rules associated with a parent that is going away.

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion