From a24552c165346f087e82a52807d134e3910387a8 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Fri, 1 Jun 2018 17:15:07 +0200
Subject: log: Add support for audit logging
This is implemented via a pseudo log level. The kernel ignores any other parameter, so reject those at evaluation stage. Audit logging is therefore simply a matter of:
| log level audit
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
 src/statement.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'src/statement.c')
diff --git a/src/statement.c b/src/statement.c
index ff4c8eb6..4a646e06 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -220,7 +220,7 @@ struct stmt *objref_stmt_alloc(const struct location *loc)
 return stmt;
 }
-static const char *syslog_level[LOG_DEBUG + 1] = {
+static const char *syslog_level[LOGLEVEL_AUDIT + 1] = {
 [LOG_EMERG] = "emerg",
 [LOG_ALERT] = "alert",
 [LOG_CRIT] = "crit",
@@ -229,11 +229,12 @@ static const char *syslog_level[LOG_DEBUG + 1] = {
 [LOG_NOTICE] = "notice",
 [LOG_INFO] = "info",
 [LOG_DEBUG] = "debug",
+ [LOGLEVEL_AUDIT] = "audit"
 };
 const char *log_level(uint32_t level)
 {
- if (level > LOG_DEBUG)
+ if (level > LOGLEVEL_AUDIT)
 return "unknown";
 return syslog_level[level];
@@ -243,7 +244,7 @@ int log_level_parse(const char *level)
 {
 int i;
- for (i = 0; i <= LOG_DEBUG; i++) {
+ for (i = 0; i <= LOGLEVEL_AUDIT; i++) {
 if (syslog_level[i] && !strcmp(level, syslog_level[i]))
 return i;
--
cgit v1.2.3
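Review bot: log_level() in the second hunk returns `syslog_level[level]` after only a range check, so any slot between LOG_DEBUG and LOGLEVEL_AUDIT that has no designated initializer would come back as NULL instead of "unknown", whereas log_level_parse() in the third hunk already guards with `syslog_level[i] &&`. The value of LOGLEVEL_AUDIT is not visible in this patch, so this only matters if it is not exactly LOG_DEBUG + 1, but the guard is cheap and keeps a later `%s` print from receiving NULL: `if (level > LOGLEVEL_AUDIT || !syslog_level[level])`. A one-line comment above the table saying that audit is a pseudo level placed after the syslog range would document the sizing assumption, and a trailing comma after `"audit"` would match the other entries. Both function bodies continue past the lines shown in their hunks.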