Index Index for
Section 3
Index Alphabetical
listing for A
Bottom of page Bottom of
page		 

audgenl(3)


NAME

  audgenl - generate an audit record


SYNOPSIS

  #include <sys/audit.h>

  int audgenl(
	  unsigned event [,token_type, token_val] ... , 0 );


LIBRARY

  Audit Library	 - libaud.a and libaud.so


PARAMETERS

  event
      The event value of the operation being audited.

  token_type, token_val
      A type and value pair defining the data to be placed in the audit
      record.


DESCRIPTION

  This routine is an interface to the audgen() system call. It accepts a
  variable number of arguments describing the event and audit data, then
  calls audgen() with the appropriate parameters to generate the audit
  record. This routine is found in the library and is loaded with the
  libaud.a and libaud.so -laud option.

  The event argument indicates the event value of the operation being
  audited, as defined in audit.h.  The value of event must be between one of
  the following two values:

    ·  MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT + N_TRUSTED_EVENTS -1

    ·  MIN_SITE_EVENT and MIN_SITE_EVENT + n_site_events -1

  The constants are defined in audit.h. The definition of n_site_events is
  determined by executing the sysconfig -q sec audit_site_events command on
  the running kernel.

  The argument pairs containing token_type and token_val describe the data
  that is to be placed into the audit record. The argument token_type
  describes the type of data, as defined in the set of public tokens (in
  audit.h).

  The argument token_val should be set to the value of the token when the
  token is represented by an int or long data type, or be a pointer to the
  data described by the token when the token references a character string,
  or other variable length field or structure.


RESTRICTIONS

  The audgen() system call is privileged.

  The maximum number of token_type, token_val pairs allowed is 128, with no
  more than 8 instances of any one token_type.


RETURN VALUES

  On successful completion, a value of 0 is returned.  Otherwise, a value of
  -1 is returned and the global integer variable errno is set to indicate the
  error.


ERRORS

  [EACCES]
      The user is not privileged for this operation.

  [EINVAL]
      The value supplied for an argument is invalid.

  [[E2BIG]]
      The audit record exceeds the audit record size.

  [ENOSYS]
      Indicates an attempt to use a system call that is not configured.

  [EIO]
      The tokenmask data is invalid.

  [EIO]
      The size argument is non-zero, and the userbuff argument is invalid.

  [EFAULT]
      A value referenced by the argv argument is invalid.


SEE ALSO

  audgen(2), sysconfig(8), sysconfigdb(8)

  Security

Index Index for
Section 3
Index Alphabetical
listing for A
Top of page Top of
page