audgen(2) System Calls Manual audgen(2)
audgen - generate an audit record
audgen(event, tokenp, argv)
char *tokenp, *argv;
The system call generates an audit record, which gets placed in the auditlog.
The argument event is an integer indicating the event type of the operation being audited (see ). The value of event must be between
MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT+N_TRUSTED_EVENTS.
The argument tokenp is a null-terminated array of token types (see ), each of which represents the type of argument referenced by the cor-
responding *argv argument.
The argument argv is a pointer to an array containing the actual arguments or pointers to those arguments that are to be recorded in the
audit record. A pointer to the actual argument is placed in that array when the argument is a string, array, or other variable length
structure. Arguments represented as int's or short's are placed directly in that array. Each member of the array must be word-aligned.
You cannot change the values for the audit_id, uid, ruid, pid, ppid, device, IP address, or hostid (secondary tokens for these values are
Upon successful completion, returns a value of 0. Otherwise, it returns a value of -1 and sets the global integer variable errno to indi-
cate the error.
The call is a privileged system call. No record is generated if the specified event is not being audited for the current process. The
maximum number of arguments referenced by argv is AUD_NPARAM (8).
The system call fails under the following conditions:
[EACCES] The user is not privileged for this operation.
[EINVAL] The value supplied for the event, tokenp, or argv argument is invalid.