Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ au_entry(3) — Motorola System V 88k Release 4 Version 4.3

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

a_fill_aubuff(3A)

auclass(4)

audit(4)

auevent(4)

audit_file(4)

au_entry(3)  —  LIBRARY FUNCTIONS

NAME

au_entry − places an audit record in the audit trail

SYNOPSIS

#include <sys/audit.h>
#include <sys/auetypes.h>
 int au_entry (classid, buf, nbuf)
int classid;
struct auditbuf buf[];
int nbuf;

DESCRIPTION

The au_entry  system call is used to record an auditable event in the audit trail. 

The parameters are as follows:

classid An audit class ID defined in the include file <sys/audit.h>. 

buf A pointer to the first element in an array whose elements are audit buffers struct auditbuf. 

nbuf The number of elements of buf to place in the generated audit record. 

The class ID is placed in the audit record header and the number of auditbufs in the array pointed to by buf are placed in the audit record. 

The message type for each auditbuf must be either AU_INT, AU_USTR, or AU_UDATA.  Refer to the audit_file(4) manual page for information about message types. 

The event code present in each auditbuf must be defined in <sys/auetypes.h>.  This value is not checked by the au_entry system call, but if invalid various audit trail postprocessing commands will report the entry as invalid. 

Note that the audit entry record is written only if allowed by the various audit controls (i.e., the system audit ranges, the process audit mask, and whether or not auditing is currently enabled). 

This system call requires the root privilege (effective user ID 0). 

The system call will fail if any of the following are true:

[EINVAL] classid is invalid (i.e., is not defined in <sys/audit.h>). 

[EINVAL] The reason code in an auditbuf is not defined in <sys/audit.h>. 

[EINVAL] The message type in an auditbuf is not one of AU_INT, AU_USTR, or AU_UDATA, all of which are defined in <sys/audit.h>. 

[EFAULT] buf points outside the allocated address space of the process. 

[EFAULT] Any or all of the data described by the data pointer and data length information in an auditbuf resides outside the allocated address space of the process. 

DIAGNOSTICS

Upon successful completion, a value of 0 is returned.  Otherwise, a value of −1 is returned and errno is set to indicate the error. 

SEE ALSO

a_fill_aubuff(3A), auclass(4), audit(4), auevent(4), audit_file(4)

(Security Enhancement)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026