Audit endpoint

This endpoint is intended for reading messages from KasperskyOS kernel logs. There are two kernel logs: kss and core. The kss log contains security audit data. The core log contains diagnostic output. (Diagnostic output includes kernel output and the output of programs.)

Information about methods of the endpoint is provided in the table below.

Methods of the audit.Audit endpoint (kl.core.Audit interface)

Method

Method purpose and parameters

Potential danger of the method

Open

Purpose

Opens the kernel log to read data from it.

Parameters

  • [in] name – name of the kernel log (kss or core).
  • [out] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log.
  • [out] rc – return code.

N/A

Close

Purpose

Closes the kernel log.

Parameters

  • [in] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log.
  • [out] rc – return code.

N/A

Read

Purpose

Lets you receive a message from a kernel log.

Parameters

  • [in] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log.
  • [out] msg – sequence containing a message.
  • [out] outDropMsgs – number of messages that were not included in the kernel log due to an overflow of the buffer where this log is stored.
  • [out] rc – return code.

Lets you extract messages from the kernel log so that these messages are not received by another process.

Page top