Enhanced audit logging with structured entries, ring buffer, and filtering
Provides a next-generation audit subsystem for VeridianOS with:
- Structured log entries with timestamps, PIDs, TIDs, categories, severity
- Ring buffer storage with configurable capacity (default 8192 entries)
- Multi-dimensional filtering (category, severity, PID, time range)
- Event coalescing for repeated identical events within 1 second
- Thread-safe access via spin::RwLock
This module complements the existing security::audit module by adding
richer categorization, severity levels, and query capabilities.
Structs
- AuditActiveFilter - Active filter controlling which events are accepted into the log.
- AuditEntry - A structured audit log entry.
- AuditQueryFilter - Multi-dimensional filter for querying audit events.
- EnhancedAuditStats - Statistics for the enhanced audit log.
Enums
- AuditCategory - Category of an audit event, enabling fine-grained filtering.
- AuditSeverity - Severity level for an audit event.
Functions
- clear_log - Clear all audit log entries.
- disable - Disable the enhanced audit subsystem.
- enable - Enable the enhanced audit subsystem.
- get_filter - Get the current active filter.
- get_stats - Get audit statistics.
- init - Initialize the enhanced audit subsystem.
- init_with_capacity - Initialize with a custom capacity.
- is_enabled - Check if the enhanced audit subsystem is enabled.
- log_auth - Log an authentication event.
- log_authz - Log an authorization / access control event.
- log_capability - Log a capability operation event.
- log_event - Log a structured audit event.
- log_file - Log a file access event.
- log_network - Log a network access event.
- log_policy - Log a security policy change.
- log_process - Log a process lifecycle event.
- log_syscall - Log a system call audit event.
- query_events - Query audit events matching a filter.
- set_filter - Set the active filter that controls which events are logged.