getaeent(3A) — MISC. REFERENCE MANUAL PAGES
NAME
getaeent, getaeeid, getaenam, setaeent, endaeent, fgetaeent − gets audit event type entry
SYNOPSIS
#include <auevent.h>
#include <stdio.h>
struct auevent ∗getaeent ()
struct auevent ∗getaeeid (eid)
int eid;
struct auevent ∗getaenam (name)
char ∗name;
int setaeent ()
void endaeent ()
struct auevent ∗fgetaeent (f)
FILE ∗f;
DESCRIPTION
getaeent, getaeeid, and getaenam each return a pointer to an object with the auevent structure containing the fields of a line in the /var/security/auevent file. Each line in the file corresponds to an auevent structure, declared in the <auevent.h> header file:
struct auevent
{
intae_eid;
char∗ae_name;
char∗ae_desc;
};
The fields have the meanings defined in auevent(4).
getaeent, when first called, returns a pointer to the first auevent structure in the file. Thereafter, it returns a pointer to the next auevent structure in the file, so successive calls can be used to search the entire file.
getaeeid searches from the beginning of the file until a numerical audit event type ID matching eid is found and returns a pointer to the particular structure in which it was found.
getaenam searches from the beginning of the file until an audit event name matching name is found and returns a pointer to the particular structure in which it was found.
If an end-of-file or an error is encountered on reading, the three preceding functions will return a NULL pointer.
If the audit event file is already open, a call to setaeent will have the effect of rewinding the audit event file to allow repeated searches. Otherwise, setaeent will open the audit event file.
endaeent is called to close the audit event file when processing is complete.
fgetaeent returns a pointer to the next auevent structure that matches the format of /var/security/auevent in the stream f.
Lines in the audit event file that are blank or begin with a pound character (#) are ignored.
Except for endaeent, these functions all require super-user privilege.
FILES
/var/security/aueventaudit event file
SEE ALSO
DIAGNOSTICS
A NULL pointer is returned on EOF or error, execpt for setaeent which returns -1 on error.
WARNINGS
The above routines use <stdio.h>, which causes them to increase the size of programs more than might be expected if the programs do not otherwise use standard I/O.
All information is contained in a static area, so it must be copied if it is to be saved.
(Security Enhancement)