Hi All,

Any help is greatly appreciated.

My piece of code can read the audit.log file and process it. But when I enable a good number of syscalls, the disk gets filled really quickly (15GB for half a day's usage).
I wanted to know if there is a way to directly get the events from the userspace audit daemon instead of writing them to a file. The plan is that my application should process the events as soon as they are created.
Please suggest a way if one exists.

Thanks in advance.

Thanks & Regards,
Ankitha Kundhuru