*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> audgen (2)              



NAME    [Toc]    [Back]

       audgen - generate an audit record

SYNOPSIS    [Toc]    [Back]

       #include <sys/audit.h>

               int event,
               char *tokenp,
               char *argv,
               char *userbuff,
               long *size );

DESCRIPTION    [Toc]    [Back]

       The audgen system call generates an audit record.

       The argument event is an integer indicating the event type
       of the operation being audited (see audit.h).   The  value
       of  event  must  be  between  one of the following values:
       -1  MIN_SITE_EVENT  and  MIN_SITE_EVENT + n_site_events -1
       The  number  of  site-defined  events,  n_site_events,  is
       determined     by     the    sysconfig    sec    parameter
       audit_site_events. Use sysconfig -q sec to view the  security
  configuration  controlled  by /etc/sysconfigtab. See
       aud_sitevent(3) and aud_sitevent_num(3) for information on
       mapping site-defined event names and event numbers.

       The   tokenp   argument  is  a  null-terminated  array  of
       token_type (see audit.h), each  of  which  represents  the
       type  of  argument  referenced  by the corresponding *argv

       The argv argument is a  pointer  to  an  array  containing
       either the actual arguments or pointers to those arguments
       that are to be recorded in the audit record.  A pointer to
       the actual argument is placed in that array when the argument
 is a string, array, or other variable  length  structure.
 Arguments represented as an int or a long are placed
       directly in that array. The available  public  tokens  are
       listed in the audit.h file.

       If size is nonzero, *size is the size of userbuff provided
       to audgen, and the audit record created is not passed into
       the  system  audit data stream, but is copied out to userbuff.
 On return, *size is updated to the number  of  bytes
       of  data  placed  into  userbuff. If the size of the audit
       record exceeds *size, then errno is set to E2BIG. Applications
  can  use  this  feature  to  create their own audit

RESTRICTIONS    [Toc]    [Back]

       The audgen call is a privileged system call. No record  is
       generated  for  the system audit data stream if the specified
 event is not being audited for the  current  process.
       The  maximum  number  of  arguments  referenced by argv is
       AUD_NPARAM  (128)  with  no  more  than  8  of   any   one

RETURN VALUES    [Toc]    [Back]

       Upon  successful  completion, audgen returns a value of 0.
       Otherwise, it returns a value of -1 and  sets  the  global
       integer variable errno to indicate the error.

ERRORS    [Toc]    [Back]

       The  audgen  system  call fails under the following conditions:
 The user is not privileged for this operation.  The
       value  supplied for the event, tokenp, or argv argument is
       invalid.  The audit record exceeds the audit buffer  size.
       Indicates an attempt to use a system call that is not configured.
  The tokenmask data is invalid.  The  size  argument
 is non-zero, and the userbuff argument is invalid.  A
       value referenced by the argv argument is invalid.

SEE ALSO    [Toc]    [Back]

       Functions:          audgenl(3),           aud_sitevent(3),

       Commands: audgen(8)


[ Back ]
 Similar pages
Name OS Title
audgen Tru64 Generates an audit record
audwrite HP-UX write an audit record for a self-auditing process
satwrite IRIX write a block of audit record data
satread IRIX read a block of audit record data
sat_read_header_info IRIX Portable interfaces to read audit record headers
sat_summarize IRIX generate statistics on a stream of audit records
sat_eventtostr IRIX convert an audit event index to/from an audit event string
sat_write_filehdr IRIX write audit file header, write close time to audit file header
satgetid IRIX get or set audit identity
auditd Tru64 Audit daemon
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service