The file /etc/libaudit.conf contains configuration information
for user space applications that link to libaudit. The
applications are responsible for querying the settings in this
file and obeying the admin's preferences. This file contains one
configuration keyword per line, an equal sign, and then followed
by appropriate configuration information. The keywords recognized
are: failure_action. These keywords are described below.
This keyword specifies what action the admin wishes a user
space application to take when there is a failure to send
an audit event to the kernel. The possible values are:
- meaning do nothing, LOG - write to syslog the inability
to send an audit event, and TERMINATE - the user space
application should exit.
This page is part of the audit (Linux Audit) project.
Information about the project can be found at
⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug
report for this manual page, send it to email@example.com.
This page was obtained from the project's upstream Git repository
2023-06-23. (At that time, the date of the most recent commit
that was found in the repository was 2023-06-22.) If you
discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original
manual page), send a mail to firstname.lastname@example.org
Red Hat Oct 2009 LIBAUDIT.CONF(5)