Manual: (OSF1-V5.1-alpha)

audgen(2)							    audgen(2)


  audgen - generate an audit record


  #include <sys/audit.h>

  int audgen(
	  int event,
	  char *tokenp,
	  char *argv[],
	  char *userbuff,
	  long *size);


  The audgen system call generates an audit record.

  The argument event is an integer indicating the event type of the operation
  being audited (see audit.h). The value of event must fall in one of the
  following ranges:


    +  Between MIN_SITE_EVENT and MIN_SITE_EVENT + n_site_events - 1

  The number of site-defined events, n_site_events, is determined by the
  sysconfig sec parameter audit_site_events. Use sysconfig -q sec to view the
  security configuration controlled by /etc/sysconfigtab. See
  aud_sitevent(3) and aud_sitevent_num(3) for information on mapping
  site-defined event names and event numbers.

  The tokenp argument is a null-terminated array of token_type (see audit.h),
  each of which represents the type of argument referenced by the
  corresponding *argv argument.

  The argv argument is a pointer to an array containing either the actual
  arguments or pointers to those arguments that are to be recorded in the
  audit record. A pointer to the actual argument is placed in that array
  when the argument is a string, array, or other variable-length structure.
  Arguments represented as an int or a long are placed directly in that
  array. The available public tokens are listed in the audit.h file.

  If size is nonzero, *size is the size of userbuff provided to audgen, and
  the audit record created is not passed into the system audit data stream,
  but is copied out to userbuff. On return, *size is updated to the number
  of bytes of data placed into userbuff. If the size of the audit record
  exceeds *size, then errno is set to E2BIG. Applications can use this
  feature to create their own audit records.


  The audgen call is a privileged system call. No record is generated for
  the system audit data stream if the specified event is not being audited
  for the current process. The maximum number of arguments referenced by
  argv is AUD_NPARAM (128) with no more than 8 of any one token_type.
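
  The limits above can be checked in the caller before the privileged call is made, so that a bad token list is caught with a specific reason. The following is an added example, not part of the original manual page: audgen_precheck, the PRE_* codes and the DEMO_* values are hypothetical, it covers only the site-defined event range given on this page, and it assumes each token_type occupies one byte.

```c
#include <stdio.h>

#define NPARAM_MAX    128  /* AUD_NPARAM, as stated on this page */
#define PER_TOKEN_MAX 8    /* "no more than 8 of any one token_type" */

enum precheck { PRE_OK, PRE_NULL_ARG, PRE_BAD_EVENT, PRE_TOO_MANY, PRE_TOKEN_REPEATED };

/* Constructed sample values: real code takes MIN_SITE_EVENT from <sys/audit.h>
 * and n_site_events from `sysconfig -q sec` (audit_site_events). */
#define DEMO_MIN_SITE_EVENT 2048
#define DEMO_N_SITE_EVENTS  64
static char *const demo_argv[] = { "/etc/motd", "edited" };

/* Hypothetical helper: checks a site-defined event number and a token list
 * against the documented limits. Assumes each token_type is one byte, as the
 * `char *tokenp` prototype suggests. */
enum precheck audgen_precheck(int event, int min_site_event, int n_site_events,
                              const char *tokenp, char *const argv[])
{
    unsigned per_type[256] = { 0 };
    int n;

    if (tokenp == NULL || argv == NULL)
        return PRE_NULL_ARG;
    /* Site-defined range: MIN_SITE_EVENT .. MIN_SITE_EVENT + n_site_events - 1 */
    if (n_site_events <= 0 || event < min_site_event ||
        (long)event - min_site_event >= n_site_events)
        return PRE_BAD_EVENT;
    /* The token list is null-terminated; argv has no terminator of its own,
     * so the token count is also the argument count. */
    for (n = 0; tokenp[n] != '\0'; n++) {
        if (n >= NPARAM_MAX)
            return PRE_TOO_MANY;
        if (++per_type[(unsigned char)tokenp[n]] > PER_TOKEN_MAX)
            return PRE_TOKEN_REPEATED;
    }
    return PRE_OK;
}

int main(void)
{
    /* "\x01\x01" stands in for two tokens of one type (constructed bytes). */
    enum precheck r = audgen_precheck(DEMO_MIN_SITE_EVENT + 3, DEMO_MIN_SITE_EVENT,
                                      DEMO_N_SITE_EVENTS, "\x01\x01", demo_argv);
    printf("precheck: %d\n", (int)r);
    return r == PRE_OK ? 0 : 1;
}
```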


  Upon successful completion, audgen returns a value of 0. Otherwise, it
  returns a value of -1 and sets the global integer variable errno to
  indicate the error.


  The audgen system call fails under the following conditions:

  [EACCES]	 The user is not privileged for	this operation.

  [EINVAL]	 The value supplied for	the event, tokenp, or argv argument
		 is invalid.

  [E2BIG]	 The audit record exceeds the audit buffer size.

  [ENOSYS]	 Indicates an attempt to use a system call that	is not con-

  [EIO]		 The tokenmask data is invalid.

  [EIO]		 The size argument is non-zero,	and the	userbuff argument is

  [EFAULT]	 A value referenced by the argv	argument is invalid.


  Functions: audgenl(3), aud_sitevent(3), aud_sitevent_num(3)

  Commands: audgen(8)