audgen(8) System Manager's Manual audgen(8)
NAME
audgen - Generates an audit record
SYNOPSIS
/usr/sbin/audgen audit_record_parameter_list
DESCRIPTION
The audgen utility generates an audit record, which is placed in the auditlog. Standard audit event information, such as identification
information and a timestamp, is inserted automatically. The audit_record_parameter_list consists of 1 to 8 strings, each of which is
inserted into the audit record. The event type is set to AUDGEN8.
RESTRICTIONS
This utility makes use of the audgen system call, which requires privilege. No record will be generated if the event AUDGEN8 is not being
audited for the current process.
EXAMPLES
The following is an example of an audit_record_parameter_list for audgen:
# audgen "string 1" "string 2" string3
RELATED INFORMATION
Commands: auditconfig(8)
Functions: audgen(2)
audgen(8)
audgenl(3) Library Functions Manual audgenl(3)
NAME
audgenl - generate an audit record
LIBRARY
Audit Library - libaud.a and libaud.so
SYNOPSIS
#include <sys/audit.h>
int audgenl (
unsigned event [ ,token_type, token_val] ... , 0 );
PARAMETERS
event
The event value of the operation being audited.
token_type,token_val
A type and value pair defining the data to be placed in the audit record.
DESCRIPTION
This routine is an interface to the audgen system call. It accepts a variable number of arguments describing the event and audit data,
then calls audgen with the appropriate parameters to generate the audit record. This routine is found in the libaud.a and libaud.so
libraries and is loaded with the -laud option.
The event argument indicates the event value of the operation being audited, as defined in audit.h. The value of event must fall within one
of the following two ranges:
MIN_TRUSTED_EVENT to MIN_TRUSTED_EVENT + N_TRUSTED_EVENTS - 1
MIN_SITE_EVENT to MIN_SITE_EVENT + n_site_events - 1
The constants are defined in audit.h. The definition of n_site_events is determined by executing the sysconfig -q sec audit_site_events
command on the running kernel.
The argument pairs containing token_type and token_val describe the data that is to be placed into the audit record. The argument
token_type describes the type of data, as defined in the set of public tokens (in audit.h).
The argument token_val should be set to the value of the token when the token is represented by an int or long data type, or be a pointer
to the data described by the token when the token references a character string, or other variable length field or structure.
RESTRICTIONS
The audgen system call is privileged.
The maximum number of token_type, token_val pairs allowed is 128, with no more than 8 instances of any one token_type.
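The limits above, together with the event ranges given in the DESCRIPTION, can be checked before audgenl is called. The following C code is an added example, not part of the original manual page or of libaud: check_audgenl_args, struct event_ranges and the CHECK_* codes are hypothetical names, token types are assumed to fit in an int, the range bounds are treated as inclusive, and the numbers in main are constructed (real values come from audit.h and the sysconfig -q sec audit_site_events command).

```c
#include <stddef.h>
#include <stdio.h>

/* Limits from the RESTRICTIONS section of audgenl(3). */
#define MAX_TOKEN_PAIRS    128
#define MAX_PER_TOKEN_TYPE 8

/* Hypothetical result codes for this example; they are not errno values. */
enum check_result { CHECK_OK, CHECK_BAD_EVENT, CHECK_TOO_MANY_PAIRS,
                    CHECK_TOO_MANY_OF_TYPE };

/* Caller fills these from audit.h and `sysconfig -q sec audit_site_events`. */
struct event_ranges { unsigned min_trusted, n_trusted, min_site, n_site; };

/* True when min <= ev <= min + n - 1 (bounds treated as inclusive). */
static int in_range(unsigned ev, unsigned min, unsigned n)
{
    return n > 0 && ev >= min && ev - min < n;
}

/* token_types holds only the token_type half of each pair (assumed int). */
enum check_result check_audgenl_args(const struct event_ranges *r,
                                     unsigned event,
                                     const int *token_types, size_t npairs)
{
    if (!in_range(event, r->min_trusted, r->n_trusted) &&
        !in_range(event, r->min_site, r->n_site))
        return CHECK_BAD_EVENT;
    if (npairs > MAX_TOKEN_PAIRS)
        return CHECK_TOO_MANY_PAIRS;
    for (size_t i = 0; i < npairs; i++) {
        size_t same = 0;            /* occurrences of this type so far */
        for (size_t j = 0; j <= i; j++)
            if (token_types[j] == token_types[i])
                same++;
        if (same > MAX_PER_TOKEN_TYPE)
            return CHECK_TOO_MANY_OF_TYPE;
    }
    return CHECK_OK;
}

int main(void)
{
    /* Constructed values, not the real constants from audit.h. */
    struct event_ranges r = { 512, 64, 2048, 4 };
    int types[9] = { 7, 7, 7, 7, 7, 7, 7, 7, 7 };   /* nine of one type */
    printf("8 pairs: %d\n", check_audgenl_args(&r, 520, types, 8));
    printf("9 pairs: %d\n", check_audgenl_args(&r, 520, types, 9));
    return 0;
}
```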
RETURN VALUES
On successful completion, a value of 0 is returned. Otherwise, a value of -1 is returned and the global integer variable errno is set to
indicate the error.
ERRORS
[EACCES] The user is not privileged for this operation.
[EINVAL] The value supplied for an argument is invalid.
[E2BIG] The audit record exceeds the audit record size.
[ENOSYS] Indicates an attempt to use a system call that is not configured.
[EIO] The tokenmask data is invalid.
[EIO] The size argument is non-zero, and the userbuff argument is invalid.
[EFAULT] A value referenced by the argv argument is invalid.
RELATED INFORMATION
audgen(2), sysconfig(8), sysconfigdb(8)
Security
audgenl(3)