auditentry(1M) — ADMINISTRATOR COMMANDS
NAME
auditentry − generates an audit entry record
SYNOPSIS
auditentry classname eventname reasonID description
DESCRIPTION
auditentry allows root to send an entry to the audit log. It is a convenient method for shell scripts to issue au_entry(3A) calls.
The parameters are:
classname The printable, user defined audit class name from /var/security/auclass. Note that the audit class name must match the value in the file exactly (including case matching). User defined audit classes fall in the range from 300 to 355 (as defined by MIN_USER_CLASS and MAX_USER_CLASS in <sys/audit.h>).
eventname The printable audit event name from /var/security/auevent. Note that the audit event name must match the value in the file exactly (including case matching).
reasonID The reason code, as listed in <sys/aureason.h>. Only the first character is examined, and that character may be uppercase or lowercase.
description The text description to be placed in the audit log.
Note that execution of this command does not guarantee that the entry will actually be made in the audit log; that depends on the current process audit mask and system audit parameters.
EXAMPLE
The following are typical uses of auditentry:
auditentry lp LP_SUCCESS success "successful print"
auditentry crontab CRONTAB_MAIN_2 "DAC Fail" "discretionary access \
failure"
DIAGNOSTICS
There are no printed error messages. The exit code indicates the success or failure of the operation:
0 Success.
1 Incorrect number of arguments.
2 Could not open /var/security/auclass, invalid audit class name, or audit class was not a user defined audit class.
3 Could not open /var/security/auevent, or invalid audit event name.
4 Invalid reason code.
5 Could not build audit buffer.
6 au_entry(3A) failed.
FILES
/var/security/auclass Audit class file
/var/security/auevent Audit event type file
SEE ALSO
auclassmgmt(1M), aueventmgmt(1M), au_entry(3A), a_fill_aubuff(3A),
auclass(4), auevent(4)
(Security Enhancement)