satread(2) satread(2)
satread - read a block of audit record data
#include <sys/sat.h>
int satread (char *buffer, unsigned nbytes)
satread attempts to read nbytes bytes from the security audit trail
record queue into the buffer pointed to by buffer.
satread destroys the data that has been read. A subsequent satread call
will read new and different data.
satread will fail if one or more of the following are true:
[ENOPKG] Audit is not configured on this system.
[EPERM] The caller doesn't have CAP_AUDIT_CONTROL capability.
[EFAULT] data cannot be copied from the kernel into buffer.
[EACCES] the caller's process label does not dominate dbadmin,
which is to say, it must dominate MsenAdmin,MintHigh.
[EACCES] there is a sat daemon running on the system, and the
caller is not that daemon.
A return value of -1 indicates an error and errno is set to indicate the
error. Otherwise the number of bytes copied into buffer is returned.
satd(1m), satoff(2), saton(2), satstate(2), satwrite(2)
Silicon Graphics, Inc.
PPPPaaaaggggeeee 1111 [ Back ]
|