| 
        audgenl - generate an audit record
        #include <sys/audit.h>
       int audgenl(
               unsigned event [,token_type, token_val] ... , 0 );
       Audit Library  - libaud.a and libaud.so
        The event value of the operation being  audited.   A  type
       and value pair defining the data to be placed in the audit
       record.
       This routine is an interface to the audgen() system  call.
       It  accepts  a variable number of arguments describing the
       event and audit data, then calls audgen() with the  appropriate
  parameters to generate the audit record. This routine
 is found in  the  library  and  is  loaded  with  the
       libaud.a and libaud.so -laud option.
       The event argument indicates the event value of the operation
 being audited, as defined in audit.h.  The  value  of
       event  must  be  between  one of the following two values:
       MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT + N_TRUSTED_EVENTS
       -1 MIN_SITE_EVENT and MIN_SITE_EVENT + n_site_events -1
       The  constants  are  defined in audit.h. The definition of
       n_site_events is determined by executing the sysconfig  -q
       sec audit_site_events command on the running kernel.
       The  argument  pairs  containing  token_type and token_val
       describe the data that is to  be  placed  into  the  audit
       record.  The  argument  token_type  describes  the type of
       data, as defined in the set of public tokens (in audit.h).
       The  argument  token_val should be set to the value of the
       token when the token is represented by an int or long data
       type,  or  be a pointer to the data described by the token
       when the token references a  character  string,  or  other
       variable length field or structure.
       The audgen() system call is privileged.
       The  maximum number of token_type, token_val pairs allowed
       is  128,  with  no  more  than  8  instances  of  any  one
       token_type.
       On  successful completion, a value of 0 is returned.  Otherwise,
 a value of -1 is returned and the  global  integer
       variable errno is set to indicate the error.
       The  user is not privileged for this operation.  The value
       supplied for an argument is  invalid.   The  audit  record
       exceeds  the  audit  record size.  Indicates an attempt to
       use a system call that is not configured.   The  tokenmask
       data  is  invalid.  The size argument is non-zero, and the
       userbuff argument is invalid.  A value referenced  by  the
       argv argument is invalid.
       audgen(2), sysconfig(8), sysconfigdb(8)
       Security
                                                       audgenl(3)
[ Back ] |