Receiving security audit data (vlog_api.h)
This API is defined in the header file sysroot-*-kos/include/coresrv/vlog/vlog_api.h from the KasperskyOS SDK.
The API lets you read from the KasperskyOS kernel log containing security audit data and is used in the code of the static library sysroot-*-kos/lib/libklog_system_audit.a, which is linked to the Klog system program.
Information about API functions is provided in the table below.
Using the API
The API usage scenario includes the following steps:
- Open the kernel log containing security audit data by calling the KnAuOpen() function.
- Receive messages from the kernel log containing security audit data via calls of the KnAuRead() function.
  This log is a cyclic buffer, and therefore you must prevent overwrites in this log because they could lead to a loss of security audit data that has not yet been read. To monitor overwrites in the log, the outDropMsgs parameter of the KnAuRead() function is used to pass the number of dropped messages. (The counter of these messages is reset to zero after this value is read each time the function is called.) If messages have been dropped, you must either increase the speed at which messages are read from the log, for example, by performing the read operation from parallel threads, or reduce the speed of message generation by editing the security audit profile.
- Close the kernel log containing security audit data by calling the KnAuClose() function.
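The following added example (not code from the KasperskyOS SDK) models the drop accounting described in the second step: because the counter is reset on every read, the reader has to sum the per-call values to know how much audit data was lost. MockLog, mock_write(), mock_read() and drain() are hypothetical stand-ins with assumed behaviour and return codes; they are not the KnAu*() functions, whose signatures this page does not show.

```c
#include <stdio.h>
#include <string.h>

#define CAP 4      /* constructed ring capacity, in messages */
#define MSG_LEN 32
/* Hypothetical stand-in for the kernel audit log (not a vlog_api.h type). */
typedef struct {
    char slot[CAP][MSG_LEN];
    unsigned head, count;  /* oldest unread slot, unread message count */
    unsigned dropped;      /* messages overwritten since the last read */
} MockLog;

/* Producer: when the ring is full, the oldest unread message is overwritten. */
static void mock_write(MockLog *l, const char *msg) {
    if (l->count == CAP) {
        l->head = (l->head + 1) % CAP;
        l->count--;
        l->dropped++;
    }
    snprintf(l->slot[(l->head + l->count) % CAP], MSG_LEN, "%s", msg);
    l->count++;
}

/* Models outDropMsgs: reported on each call, then reset. 0 = ok, -1 = empty (assumed). */
static int mock_read(MockLog *l, char *out, unsigned *outDropMsgs) {
    *outDropMsgs = l->dropped;
    l->dropped = 0;
    if (l->count == 0) return -1;
    memcpy(out, l->slot[l->head], MSG_LEN);
    l->head = (l->head + 1) % CAP;
    l->count--;
    return 0;
}

/* Consumer: sums the per-call drop counts; returns the number of messages read. */
static unsigned drain(MockLog *l, unsigned *totalDropped) {
    char msg[MSG_LEN];
    unsigned n = 0, d = 0;
    while (mock_read(l, msg, &d) == 0) { *totalDropped += d; n++; }
    *totalDropped += d;    /* value reported by the final, empty read */
    return n;
}

int main(void) {
    MockLog ring = {0};
    unsigned lost = 0, got;
    for (int i = 0; i < 7; i++) mock_write(&ring, "constructed audit message");
    got = drain(&ring, &lost);  /* 7 written into 4 slots: 4 read, 3 lost */
    printf("read=%u lost=%u\n", got, lost);
    return 0;
}
```

A reader that looks only at the most recent drop value would report no loss after the second read, even though three messages were overwritten.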
Information about API functions
vlog_api.h functions
| Function | Information about the function |
|---|---|
| KnAuOpen() | Purpose Opens the kernel log containing security audit data. Parameters Returned values If successful, the function returns |
| KnAuClose() | Purpose Closes the kernel log containing security audit data. Parameters Returned values If successful, the function returns |
| KnAuRead() | Purpose Receives a message from the kernel log containing security audit data. Parameters Returned values If successful, the function returns |