Visit Our UNIX and Linux User Community

audgen(2)							System Calls Manual							 audgen(2)

Name
       audgen - generate an audit record

Syntax
       audgen(event, tokenp, argv)
       int event;
       char *tokenp, *argv[];

Description
       The system call generates an audit record, which gets placed in the auditlog.

       The  argument  event  is  an  integer  indicating the event type of the operation being audited (see ).	The value of event must be between
       MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT+N_TRUSTED_EVENTS.

       The argument tokenp is a null-terminated array of token types (see ), each of which represents the type of argument referenced by the  cor-
       responding *argv argument.

       The  argument  argv  is a pointer to an array containing the actual arguments or pointers to those arguments that are to be recorded in the
       audit record.  A pointer to the actual argument is placed in that array when the argument is a string,  array,  or  other  variable  length
       structure.   Arguments  represented  as int's or short's are placed directly in that array.  Each member of the array must be word-aligned.
       You cannot change the values for the audit_id, uid, ruid, pid, ppid, device, IP address, or hostid (secondary tokens for these  values  are
       available).

Return Values
       Upon  successful completion, returns a value of 0.  Otherwise, it returns a value of -1 and sets the global integer variable errno to indi-
       cate the error.

Restrictions
       The call is a privileged system call.  No record is generated if the specified event is not being audited for  the  current  process.   The
       maximum number of arguments referenced by argv is AUD_NPARAM (8).

Diagnostics
       The system call fails under the following conditions:

       [EACCES]       The user is not privileged for this operation.

       [EINVAL]       The value supplied for the event, tokenp, or argv argument is invalid.

																	 audgen(2)

Featured Tech Videos