Index Index for
Section 2
Index Alphabetical
listing for A
Bottom of page Bottom of
page		 

audgen(2)


NAME

  audgen - generate an audit record


SYNOPSIS

  #include <sys/audit.h>

  audgen(
	  int event,
	  char *tokenp,
	  char *argv,
	  char *userbuff,
	  long *size );


DESCRIPTION

  The audgen system call generates an audit record.

  The argument event is an integer indicating the event type of the operation
  being audited (see audit.h).	The value of event must be between one of the
  following values:

    ·  MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT + N_TRUSTED_EVENTS -1

    ·  MIN_SITE_EVENT and MIN_SITE_EVENT + n_site_events -1
  The number of site-defined events, n_site_events, is determined by the
  sysconfig sec parameter audit_site_events. Use sysconfig -q sec to view the
  security configuration controlled by /etc/sysconfigtab. See aud_sitevent(3)
  and aud_sitevent_num(3) for information on mapping site-defined event names
  and event numbers.

  The tokenp argument is a null-terminated array of token_type (see audit.h),
  each of which represents the type of argument referenced by the
  corresponding *argv argument.

  The argv argument is a pointer to an array containing either the actual
  arguments or pointers to those arguments that are to be recorded in the
  audit record.	 A pointer to the actual argument is placed in that array
  when the argument is a string, array, or other variable length structure.
  Arguments represented as an int or a long are placed directly in that
  array. The available public tokens are listed in the audit.h file.

  If size is nonzero, *size is the size of userbuff provided to audgen, and
  the audit record created is not passed into the system audit data stream,
  but is copied out to userbuff. On return, *size is updated to the number of
  bytes of data placed into userbuff. If the size of the audit record exceeds
  *size, then errno is set to E2BIG. Applications can use this feature to
  create their own audit records.


RESTRICTIONS

  The audgen call is a privileged system call. No record is generated for the
  system audit data stream if the specified event is not being audited for
  the current process. The maximum number of arguments referenced by argv is
  AUD_NPARAM (128) with no more than 8 of any one token_type.


RETURN VALUES

  Upon successful completion, audgen returns a value of 0. Otherwise, it
  returns a value of -1 and sets the global integer variable errno to
  indicate the error.


ERRORS

  The audgen system call fails under the following conditions:

  [EACCES]
      The user is not privileged for this operation.

  [EINVAL]
      The value supplied for the event, tokenp, or argv argument is invalid.

  [[E2BIG]]
      The audit record exceeds the audit buffer size.

  [ENOSYS]
      Indicates an attempt to use a system call that is not configured.

  [EIO]
      The tokenmask data is invalid.

  [EIO]
      The size argument is non-zero, and the userbuff argument is invalid.

  [EFAULT]
      A value referenced by the argv argument is invalid.


SEE ALSO

  Functions: audgenl(3), aud_sitevent(3), aud_sitevent_num(3)

  Commands: audgen(8)

  Security

Index Index for
Section 2
Index Alphabetical
listing for A
Top of page Top of
page