Visit Our UNIX and Linux User Community

audgen(2)							System Calls Manual							 audgen(2)

       audgen - generate an audit record

       audgen(event, tokenp, argv)
       int event;
       char *tokenp, *argv[];

       The system call generates an audit record, which gets placed in the auditlog.

       The  argument  event  is  an  integer  indicating the event type of the operation being audited (see ).	The value of event must be between

       The argument tokenp is a null-terminated array of token types (see ), each of which represents the type of argument referenced by the  cor-
       responding *argv argument.

       The  argument  argv  is a pointer to an array containing the actual arguments or pointers to those arguments that are to be recorded in the
       audit record.  A pointer to the actual argument is placed in that array when the argument is a string,  array,  or  other  variable  length
       structure.   Arguments  represented  as int's or short's are placed directly in that array.  Each member of the array must be word-aligned.
       You cannot change the values for the audit_id, uid, ruid, pid, ppid, device, IP address, or hostid (secondary tokens for these  values  are

Return Values
       Upon  successful completion, returns a value of 0.  Otherwise, it returns a value of -1 and sets the global integer variable errno to indi-
       cate the error.

       The call is a privileged system call.  No record is generated if the specified event is not being audited for  the  current  process.   The
       maximum number of arguments referenced by argv is AUD_NPARAM (8).

       The system call fails under the following conditions:

       [EACCES]       The user is not privileged for this operation.

       [EINVAL]       The value supplied for the event, tokenp, or argv argument is invalid.


Featured Tech Videos