Audit endpoint

Support

Support for KasperskyOS

KasperskyOS Community Edition

Developing security policies

Methods of KasperskyOS core endpoints

Audit endpoint

August 2, 2023

ID kernel_methods_audit

Get as PDF

This endpoint is intended for reading messages from KasperskyOS kernel logs. There are two kernel logs: kss and core. The kss log contains security audit data. The core log contains diagnostic output. (Diagnostic output includes kernel output and the output of programs.)

Information about methods of the endpoint is provided in the table below.

Methods of the audit.Audit endpoint (kl.core.Audit interface)

Method	Method purpose and parameters	Potential danger of the method
`Open`	Purpose Opens the kernel log to read data from it. Parameters [in] `name` – name of the kernel log (`kss` or `core`). [out] `handle` – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log. [out] `rc` – return code.	N/A
`Close`	Purpose Closes the kernel log. Parameters [in] `handle` – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log. [out] `rc` – return code.	N/A
`Read`	Purpose Lets you receive a message from a kernel log. Parameters [in] `handle` – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log. [out] `msg` – sequence containing a message. [out] `outDropMsgs` – number of messages that were not included in the kernel log due to an overflow of the buffer where this log is stored. [out] `rc` – return code.	Lets you extract messages from the kernel log so that these messages are not received by another process.

Method

Method purpose and parameters

Potential danger of the method

Open

Purpose

Opens the kernel log to read data from it.

Parameters

[in] name – name of the kernel log (kss or core).
[out] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log.
[out] rc – return code.

N/A

Close

Purpose

Closes the kernel log.

Parameters

[in] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log.
[out] rc – return code.

N/A

Read

Purpose

Lets you receive a message from a kernel log.

Parameters

[in] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log.
[out] msg – sequence containing a message.
[out] outDropMsgs – number of messages that were not included in the kernel log due to an overflow of the buffer where this log is stored.
[out] rc – return code.

Lets you extract messages from the kernel log so that these messages are not received by another process.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.