Question

Is there a way to programmatically log events to the SELinux audit log? I'm looking to create a monitoring script that audits the user's activities.


Solution

If you are using C/C++ you can interact with auditd (the one responsible for writing to audit.log) with the library "audit-libs" by including "libaudit.h". If you have the development library installed read the manual page of audit_open (man audit_open), or take a look here: http://linux.die.net/man/3/audit_open

I gathered most information from the following sites:

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow