This endpoint is intended for reading messages from KasperskyOS kernel logs. There are two kernel logs: kss and core. The kss log contains security audit data. The core log contains diagnostic output. (Diagnostic output includes kernel output and the output of programs.)
Information about methods of the endpoint is provided in the table below.
Methods of the audit.Audit endpoint (kl.core.Audit interface)
| Method | Method purpose and parameters | Potential danger of the method |
|---|---|---|
| Open | Purpose<br>Opens the kernel log to read data from it.<br>Parameters<br>[in] name – name of the kernel log (kss or core).<br>[out] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log.<br>[out] rc – return code. | N/A |
| Close | Purpose<br>Closes the kernel log.<br>Parameters<br>[in] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log.<br>[out] rc – return code. | N/A |
| Read | Purpose<br>Receives a message from a kernel log.<br>Parameters<br>[in] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel log.<br>[out] msg – sequence containing a message.<br>[out] outDropMsgs – number of messages that were not included in the kernel log due to an overflow of the buffer where this log is stored.<br>[out] rc – return code. | Extracts messages from the kernel log so that these messages are not received by another process. |
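The C sketch below is an added illustration, not KasperskyOS SDK code. It models the two ways a log collector can lose audit records through this endpoint: buffer overflow, which outDropMsgs reports, and a second process calling Read, which it does not. All names (klog_write, klog_read, drain, scenario, LOG_CAP, MSG_MAX) are hypothetical, and the model assumes the drop count is reset on each read.

```c
#include <stdio.h>
#define LOG_CAP 4   /* constructed capacity of the modelled log buffer */
#define MSG_MAX 64

/* Toy model of one kernel log: bounded FIFO plus a count of lost messages. */
struct klog { char msgs[LOG_CAP][MSG_MAX]; unsigned head, count, dropped; };

/* Writer: a message arriving at a full buffer is not stored, only counted. */
static void klog_write(struct klog *l, const char *m) {
    if (l->count == LOG_CAP) { l->dropped++; return; }
    snprintf(l->msgs[(l->head + l->count) % LOG_CAP], MSG_MAX, "%s", m);
    l->count++;
}

/* Reader, modelled on Read: hands out one message and removes it from the log.
 * Assumption: the drop count covers losses since the previous read. */
static int klog_read(struct klog *l, char *msg, unsigned *out_drop) {
    *out_drop = l->dropped;
    l->dropped = 0;
    if (l->count == 0) return -1;
    snprintf(msg, MSG_MAX, "%s", l->msgs[l->head]);
    l->head = (l->head + 1) % LOG_CAP;
    l->count--;
    return 0;
}

/* Collector: drains the log, returns messages received, sums reported drops. */
static unsigned drain(struct klog *l, unsigned *gaps) {
    char msg[MSG_MAX]; unsigned n = 0, d = 0;
    while (klog_read(l, msg, &d) == 0) { *gaps += d; n++; }
    *gaps += d;   /* the final, empty read can still report drops */
    return n;
}

/* `written` constructed events; another process reads `taken` of them first. */
static unsigned scenario(unsigned written, unsigned taken, unsigned *gaps) {
    struct klog l = {0};
    char msg[MSG_MAX]; unsigned i, d;
    for (i = 0; i < written; i++) klog_write(&l, "constructed audit event");
    for (i = 0; i < taken; i++) klog_read(&l, msg, &d);
    return drain(&l, gaps);
}

int main(void) {
    unsigned g1 = 0, g2 = 0;
    unsigned n1 = scenario(6, 0, &g1), n2 = scenario(3, 1, &g2);
    printf("overflow: %u read, %u lost; second reader: %u read, %u lost\n", n1, g1, n2, g2);
    return 0;
}
```

In the model, the overflow case is visible to the collector as a non-zero drop count, while the message taken by the other reader disappears with a drop count of zero.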