auditlog
Purpose
Appends an audit record to the audit trail file.
Syntax
#include <auditlog.h>
int auditlog (event, type, length, buf)
char *event;
short type, length;
char *buf;
Description
The auditlog system call appends the user level audit
record given by parameters length and buf to the end of
the current audit trail file. The length parameter must
be 0 or greater. The audit event table,
/etc/security/audit/a_event, defines the valid user level
event names. Each user level event name has a corre-
sponding action name (usually a namesake) in the audit
action table, /etc/security/audit/a_action and a unique
audit action id, x, where:
A_MINLOGEVENT < x < A_MAXLOGEVENT
The values of the type parameter, which provides informa-
tion on how to interpret the data in buf, are defined in
the auditlog.h header file.
The effective user ID of the calling process must be
superuser to use the auditlog system call.
Return Value
Upon successful completion, the auditlog system call
returns a value of 0. If auditlog fails, a value of -1
is returned and errno is set to indicate the error.
Diagnostics
The auditlog system call fails if one or more of the fol-
lowing are true:
EFAULT The buf parameter &pointsout..
EINVAL The value specified by the event, type, or
length parameter has a value that is not
valid.
EPERM The effective user ID of the calling process
is not superuser.
If Distributed Services is installed on your system, the
auditlog system call can also fail if one or more of the
following are true:
EAGAIN The server is too busy to accept the
request.
EBADCONNECT An attempt to use an existing network
connection with a remote node failed.
EDIST The server has blocked new inbound
requests.
EDIST Outbound requests are currently
blocked.
ENOMEM Either this node or the server does not
have enough memory to service the
request.
Related Information
In this book: "audit," "auditproc," and "auditsys." In
this book: "audit" and "a_event."