Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

audwrite(2) [hpux man page]

audwrite(2)							System Calls Manual						       audwrite(2)

NAME
audwrite() - write an audit record for a self-auditing process SYNOPSIS
DESCRIPTION
is called by self-auditing processes, which are capable of turning off the regular auditing using the system call (see audswitch(2)) and doing higher-level auditing on their own. is restricted to users with the privilege. checks to see if the auditing system is on and the calling process and the event specified are being audited. If these conditions are met, writes the audit record pointed to by audrec_p into the audit trail. The record consists of an audit record body and a header with the following fields: /* Date/time (tv_sec of timeval) */ /* Process ID */ /* Success/failure */ /* Event being audited */ /* Length of variant part */ The body contains additional information about the high-level audit event. The header fields and are specified by the calling process. fills in and fields with the correct values. this is done to reduce the risk of forgery. Beginning with 11i version 3 release, converts the record into a different format before writing it into the current audit trail. Security Restrictions Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege. Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about privileged access on systems that support fine-grained privileges. RETURN VALUE
If the write is successful, a value of is returned. Otherwise, a value of is returned and is set to indicate the reason for the failure. ERRORS
fails if one of the following is true: The caller does not possess the privilege. The event number in the audit record is invalid. WARNINGS
If causes a file space overflow, the calling process might be suspended until the file space is cleaned up. However, a returned call with the return value of indicates that the audit record has been successfully written. AUTHOR
was developed by HP. SEE ALSO
audswitch(2), audit(4), privileges(5). audwrite(2)

Check Out this Related Man Page

setaudproc(2)							System Calls Manual						     setaudproc(2)

NAME
setaudproc() - controls process level auditing for the current process and its decendents SYNOPSIS
DESCRIPTION
controls process level auditing for the current process and its decendents. It accomplishes this by setting or clearing the flag in the area of the calling process. When this flag is set, the system audits the process; when it is cleared, the process is not audited. This call is restricted to users with the privilege. One of the following flags must be used for aflag: Audit the calling process and its decendents. Do not audit the calling process and its decendents. The flag is inherited by the descendents of a process. consequently, the effect of a call to is not limited to the current process, but propagates to all its decendents as well. For example, if is called with the flag, all subsequent audited system calls in the current process are audited until is called with the flag. Further, performs its action regardless of whether the user executing the process has been selected to be audited or not. For example, if is called with the (or the flag, all subsequent audited system calls will be audited (or not audited), regardless of whether the user exe- cuting the process has been selected for auditing or not. Due to these features, should not be used in most self-auditing applications. should be used (see audswitch(2)) when the objective is to suspend auditing within a process without affecting its decendents or overriding the user selection aspect of the auditing system. Security Restrictions Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege. Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about privileged access on systems that support fine-grained privileges. RETURN VALUE
Upon successful completion, returns 0; otherwise, it returns -1 and sets to indicate the error. AUTHOR
was developed by HP. SEE ALSO
audevent(1M), audusr(1M), audswitch(2), getaudproc(2), audit(5), privileges(5). setaudproc(2)
Man Page