audgenl - generate an audit record
unsigned event [,token_type, token_val] ... , 0 );
Audit Library - libaud.a and libaud.so
The event value of the operation being audited. A type
and value pair defining the data to be placed in the audit
This routine is an interface to the audgen() system call.
It accepts a variable number of arguments describing the
event and audit data, then calls audgen() with the appropriate
parameters to generate the audit record. This routine
is found in the library and is loaded with the
libaud.a and libaud.so -laud option.
The event argument indicates the event value of the operation
being audited, as defined in audit.h. The value of
event must be between one of the following two values:
MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT + N_TRUSTED_EVENTS
-1 MIN_SITE_EVENT and MIN_SITE_EVENT + n_site_events -1
The constants are defined in audit.h. The definition of
n_site_events is determined by executing the sysconfig -q
sec audit_site_events command on the running kernel.
The argument pairs containing token_type and token_val
describe the data that is to be placed into the audit
record. The argument token_type describes the type of
data, as defined in the set of public tokens (in audit.h).
The argument token_val should be set to the value of the
token when the token is represented by an int or long data
type, or be a pointer to the data described by the token
when the token references a character string, or other
variable length field or structure.
The audgen() system call is privileged.
The maximum number of token_type, token_val pairs allowed
is 128, with no more than 8 instances of any one
On successful completion, a value of 0 is returned. Otherwise,
a value of -1 is returned and the global integer
variable errno is set to indicate the error.
The user is not privileged for this operation. The value
supplied for an argument is invalid. The audit record
exceeds the audit record size. Indicates an attempt to
use a system call that is not configured. The tokenmask
data is invalid. The size argument is non-zero, and the
userbuff argument is invalid. A value referenced by the
argv argument is invalid.
audgen(2), sysconfig(8), sysconfigdb(8)
[ Back ]