audgenl(3) [osf1 man page]
audgenl(3) Library Functions Manual audgenl(3) NAME
audgenl - generate an audit record LIBRARY
Audit Library - libaud.a and libaud.so SYNOPSIS
#include <sys/audit.h> int audgenl ( unsigned event [ ,token_type, token_val] ... , 0 ); PARAMETERS
event The event value of the operation being audited. token_type,token_val A type and value pair defining the data to be placed in the audit record. DESCRIPTION
This routine is an interface to the audgen system call. It accepts a variable number of arguments describing the event and audit data, then calls audgen with the appropriate parameters to generate the audit record. This routine is found in the library and is loaded with the libaud.a and libaud.so -laud option. The event argument indicates the event value of the operation being audited, as defined in audit.h. The value of event must be between one of the following two values: MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT + N_TRUSTED_EVENTS -1 MIN_SITE_EVENT and MIN_SITE_EVENT + n_site_events -1 The constants are defined in audit.h. The definition of n_site_events is determined by executing the sysconfig -q sec audit_site_events command on the running kernel. The argument pairs containing token_type and token_val describe the data that is to be placed into the audit record. The argument token_type describes the type of data, as defined in the set of public tokens (in audit.h). The argument token_val should be set to the value of the token when the token is represented by an int or long data type, or be a pointer to the data described by the token when the token references a character string, or other variable length field or structure. RESTRICTIONS
The audgen system call is privileged. The maximum number of token_type, token_val pairs allowed is 128, with no more than 8 instances of any one token_type. RETURN VALUES
On successful completion, a value of 0 is returned. Otherwise, a value of -1 is returned and the global integer variable errno is set to indicate the error. ERRORS
[EACCES] The user is not privileged for this operation. [EINVAL] The value supplied for an argument is invalid. [E2BIG] The audit record exceeds the audit record size. [ENOSYS] Indicates an attempt to use a system call that is not configured. [EIO] The tokenmask data is invalid. [EIO] The size argument is non-zero, and the userbuff argument is invalid. [EFAULT] A value referenced by the argv argument is invalid. RELATED INFORMATION
audgen(2), sysconfig(8), sysconfigdb(8) Security delim off audgenl(3)
Check Out this Related Man Page
audgen(2) System Calls Manual audgen(2) NAME
audgen - generate an audit record SYNOPSIS
#include <sys/audit.h> audgen( int event, char *tokenp, char *argv[], char *userbuff, long *size); DESCRIPTION
The system call generates an audit record. The argument event is an integer indicating the event type of the operation being audited (see The value of event must be between one of the following values: MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT + N_TRUSTED_EVENTS -1 MIN_SITE_EVENT and MIN_SITE_EVENT + n_site_events -1 The number of site-defined events, n_site_events, is determined by the sysconfig sec parameter audit_site_events. Use sysconfig -q sec to view the security configuration controlled by /etc/sysconfigtab. See aud_sitevent(3) and aud_sitevent_num(3) for information on mapping site-defined event names and event numbers. The tokenp argument is a null-terminated array of token_type (see each of which represents the type of argument referenced by the corre- sponding *argv argument. The argv argument is a pointer to an array containing either the actual arguments or pointers to those arguments that are to be recorded in the audit record. A pointer to the actual argument is placed in that array when the argument is a string, array, or other variable length structure. Arguments represented as an int or a long are placed directly in that array. The available public tokens are listed in the audit.h file. If size is nonzero, *size is the size of userbuff provided to audgen, and the audit record created is not passed into the system audit data stream, but is copied out to userbuff. On return, *size is updated to the number of bytes of data placed into userbuff. If the size of the audit record exceeds *size, then errno is set to E2BIG. Applications can use this feature to create their own audit records. RESTRICTIONS
The call is a privileged system call. No record is generated for the system audit data stream if the specified event is not being audited for the current process. The maximum number of arguments referenced by argv is AUD_NPARAM (128) with no more than 8 of any one token_type. RETURN VALUES
Upon successful completion, returns a value of 0. Otherwise, it returns a value of -1 and sets the global integer variable errno to indi- cate the error. ERRORS
The system call fails under the following conditions: [EACCES] The user is not privileged for this operation. [EINVAL] The value supplied for the event, tokenp, or argv argument is invalid. [E2BIG] The audit record exceeds the audit buffer size. [ENOSYS] Indicates an attempt to use a system call that is not configured. [EIO] The tokenmask data is invalid. [EIO] The size argument is non-zero, and the userbuff argument is invalid. [EFAULT] A value referenced by the argv argument is invalid. RELATED INFORMATION
Functions: audgenl(3), aud_sitevent(3), aud_sitevent_num(3) Commands: audgen(8) Security delim off audgen(2)