satwrite, satvwrite - write a block of audit record data
int satwrite (int event, int outcome, char *buffer, unsigned nbytes)
#include <stdarg.h> #include <sat.h>
int satvwrite (int event, int outcome, char *format, ...)
satwrite writes nbytes bytes to the security audit trail record queue
from the buffer pointed to by buffer.
satvwrite is a more convenient libc interface for generating audit
records, which are generally text strings. Format is a printf-like
format string, followed by a variable number of arguments. See
printf(3S) for more information on the possible formatting characters.
Event must be equal to one of the SAT record type constants for
administrative events, as defined in /usr/include/sys/sat.h. Permissible
SAT_AE_AUDIT satwrite is called by audit subsystem utilities.
SAT_AE_IDENTITY satwrite is called by programs in the identification
and authentication subsystem.
SAT_AE_DBEDIT satwrite is called by the program which edits
SAT_AE_MOUNT satwrite is called by the programs which mount
SAT_AE_CUSTOM satwrite is called by customer written self auditing
outcome should be equal to SAT_SUCCESS or SAT_FAILURE, as defined in
/usr/include/sys/sat.h. satwrite interprets any value other than
SAT_FAILURE as an alternate representation of SAT_SUCCESS.
Buffer should contain audit data in human readable form. Although there
are no restrictions on its content, sat_interpret(1m) always interprets
the data as a null-terminated string.
satwrite fails if these conditions are true:
[ENOPKG] Audit is not configured on this system.
[EPERM] The caller does not have CAP_AUDIT_WRITE capability.
[EINVAL] buffer is null, or nbytes is greater than
[EDOM] event is not one of the permitted values.
[EFAULT] data can't be copied from buffer into the kernel.
A return value of -1 indicates an error and errno is set to indicate the
error. Otherwise 0 is returned.
sat_echo(1m), satoff(2), saton(2), satread(2), satstate(2), printf(3S)
PPPPaaaaggggeeee 2222 [ Back ]