audgenl(3x) [ultrix man page]
audgenl(3x) audgenl(3x) Name audgenl - generate an audit record Syntax #include<sys/audit.h> int audgenl (event [ ,token_type, token_val] ... , 0 ) unsigned event; Arguments event An integer that indicates the event type of the operation being audited. token_type,token_val A type and value pair defining the data to be placed in the audit record. Description This routine is an interface to the system call. It accepts a variable number of arguments describing the event and audit data, then calls with the appropriate parameters to generate the audit record. This routine is found in the library and is loaded with the -laud option. The argument event is an integer indicating the event type of the operation being audited, as defined in The value of event must be between MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT + N_TRUSTED_EVENTS-1, as defined in The argument pairs containing token_type and token_val describe the data that is to be placed into the audit record. The argument token_type describes the type of data, as defined in The argument token_val should be set to the value of the token when the token is represented by an int or short data type, or be a pointer to the data described by the token when the token references a character string. Restrictions The system call is privileged. The maximum number of token_type, token_val pairs allowed is 8. Return Values On successful completion, a value of 0 is returned. Otherwise, a value of -1 is returned and the global integer variable errno is set to indicate the error. Diagnostics [EACCES] The user is not privileged for this operation. [EINVAL] The value supplied for an argument is invalid. See Also audgenl(3x)
Check Out this Related Man Page
audit(4) Kernel Interfaces Manual audit(4) NAME
audit - audit trail format and other information for auditing DESCRIPTION
Audit records are generated when users make security-relevant system calls, as well as by self-auditing processes that call (see aud- write(2)). Access to the auditing system is restricted to super-user. Each audit record consists of an audit record header and a record body. The record header is comprised of sequence number, process ID, event type, and record body length. The sequence number gives relative order of all records; the process ID belongs to the process being audited; the event type is a field identifying the type of audited activity; the length is the record body length expressed in bytes. The record body is the variable-length component of an audit record containing more information about the audited activity. For records generated by system calls, the body contains the time the audited event completes in either success or failure, and the parameters of the system calls; for records generated by self-auditing processes, the body consists of the time audwrite(2) writes the records and the high- level description of the event (see audwrite(2)). The records in the audit trail are compressed to save file space. When a process is audited the first time, a pid identification record (PIR) is written into the audit trail containing information that remains constant throughout the lifetime of the process. This includes the parent's process ID, audit tag, real user ID, real group ID, effective user ID, effective group ID, group ID list, effective, permit- ted, and retained privileges, compartment ID, and the terminal ID (tty). The PIR is entered only once per process per audit trail. Information accumulated in an audit trail is analyzed and displayed by (see audisp(1M)). AUTHOR
was developed by HP. SEE ALSO
audsys(1M), audevent(1M), audisp(1M), audomon(1M), audwrite(2), audit(5), compartments(5), privileges(5). audit(4)