Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ auditlog(2) — AIX/RT 2.2.1

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

audit

auditproc

auditsys

audit

a_event

auditlog

Purpose

     Appends an audit record to the audit trail file.

Syntax

     #include <auditlog.h>

     int auditlog  (event, type, length, buf)
     char *event;
     short type, length;
     char *buf;

Description

     The  auditlog system  call appends  the user  level audit
     record given by  parameters length and buf to  the end of
     the current audit trail  file.  The length parameter must
     be   0    or   greater.     The   audit    event   table,
     /etc/security/audit/a_event, defines the valid user level
     event names.   Each user  level event  name has  a corre-
     sponding action  name (usually  a namesake) in  the audit
     action table,  /etc/security/audit/a_action and  a unique
     audit action id, x, where:

          A_MINLOGEVENT < x < A_MAXLOGEVENT

     The values of the type parameter, which provides informa-
     tion on how to interpret the  data in buf, are defined in
     the auditlog.h header file.

     The  effective user  ID of  the calling  process must  be
     superuser to use the auditlog system call.

Return Value

     Upon  successful  completion,  the auditlog  system  call
     returns a value  of 0.  If auditlog fails, a  value of -1
     is returned and errno is set to indicate the error.

Diagnostics

     The auditlog system call fails if one or more of the fol-
     lowing are true:

     EFAULT     The buf parameter &pointsout..

     EINVAL     The  value specified  by the  event, type,  or
                length  parameter  has  a value  that  is  not
                valid.

     EPERM      The effective  user ID of the  calling process
                is not superuser.

     If Distributed Services is  installed on your system, the
     auditlog system call can also fail  if one or more of the
     following are true:

     EAGAIN            The server  is too  busy to  accept the
                       request.

     EBADCONNECT       An attempt  to use an  existing network
                       connection with a remote node failed.

     EDIST             The  server  has  blocked  new  inbound
                       requests.

     EDIST             Outbound    requests   are    currently
                       blocked.

     ENOMEM            Either this node or the server does not
                       have  enough  memory   to  service  the
                       request.

Related Information

     In this book:  "audit,"   "auditproc," and "auditsys." In
     this book:  "audit" and  "a_event."

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026