This endpoint is intended for reading the KasperskyOS kernel log containing security audit data.
Information about methods of the endpoint is provided in the table below.
Methods of the audit.Audit endpoint (kl.core.Audit interface)

| Method | Method purpose and parameters | Potential danger of the method |
|---|---|---|
| Open | Purpose: Opens the kernel log containing security audit data.<br>Parameters:<br>[in] name – name of the kernel log containing security audit data (kss).<br>[out] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. This handle identifies the kernel log containing security audit data.<br>[out] rc – return code. | N/A |
| Close | Purpose: Closes the kernel log containing security audit data.<br>Parameters:<br>[in] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. This handle identifies the kernel log containing security audit data.<br>[out] rc – return code. | N/A |
| Read | Purpose: Receives a message from the kernel log containing security audit data.<br>Parameters:<br>[in] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. This handle identifies the kernel log containing security audit data.<br>[out] msg – sequence containing a message.<br>[out] outDropMsgs – number of messages that were lost due to overwrites in the kernel log containing security audit data.<br>[out] rc – return code. | Reads messages from the kernel log containing security audit data so that these messages are not received by another process. |
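
A simplified model of the Read semantics in the table, added here as an example and not KasperskyOS or Kaspersky code: it shows that records lost to overwrites appear in the drop counter, while records consumed by a second reader do not. The ring capacity, the names `audit_log`, `log_emit`, `log_read` and `consumer_view`, and the reset of the drop counter on each read are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define SLOTS 4     /* constructed capacity, not a KasperskyOS value */
#define MSG_MAX 16
/* Hypothetical stand-in for the kernel audit log (not the KasperskyOS
 * implementation): a ring that overwrites its oldest record when full. */
struct audit_log {
    char msg[SLOTS][MSG_MAX];
    unsigned head, count;   /* index of oldest record, records stored */
    unsigned dropped;       /* overwritten since the last read (assumption) */
};

/* Kernel side: append a record, overwriting the oldest one if full. */
static void log_emit(struct audit_log *l, const char *text) {
    if (l->count == SLOTS) { l->head = (l->head + 1) % SLOTS; l->count--; l->dropped++; }
    snprintf(l->msg[(l->head + l->count) % SLOTS], MSG_MAX, "%s", text);
    l->count++;
}

/* Model of Read: returns the oldest record and removes it, so no other
 * caller can receive it. Returns 0 on success, -1 when the log is empty. */
static int log_read(struct audit_log *l, char *out, unsigned *out_drop) {
    *out_drop = l->dropped; l->dropped = 0;
    if (l->count == 0) return -1;
    memcpy(out, l->msg[l->head], MSG_MAX);
    l->head = (l->head + 1) % SLOTS; l->count--;
    return 0;
}

/* Constructed scenario: `emitted` records are written, the first `foreign`
 * reads are made by another process, then the audit consumer drains the rest.
 * Returns records the consumer received; *lost = drops reported to it. */
static unsigned consumer_view(unsigned emitted, unsigned foreign, unsigned *lost) {
    struct audit_log l = {0};
    char buf[MSG_MAX];
    unsigned seen = 0, d = 0;
    *lost = 0;
    for (unsigned i = 0; i < emitted; i++) log_emit(&l, "audit-record");
    while (log_read(&l, buf, &d) == 0) {
        if (foreign) foreign--;            /* consumed by the other process */
        else { seen++; *lost += d; }       /* consumer tracks reported gaps */
    }
    return seen;
}

int main(void) {
    unsigned lost, seen = consumer_view(6, 0, &lost);
    printf("overwrite:     received=%u reported_lost=%u\n", seen, lost);
    seen = consumer_view(4, 1, &lost);
    printf("second reader: received=%u reported_lost=%u\n", seen, lost);
    return 0;
}
```

In the second case the audit consumer receives three of four records with no loss reported, which is the danger the table attributes to Read.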