auditbuf(2) — UnixWare 2.01

       auditbuf(2)                                              auditbuf(2)


       NAME
             auditbuf - get or set the audit buffer attributes

       SYNOPSIS
             #include <sys/types.h>
             #include <audit.h>
             int auditbuf(int cmd, struct abuf *bufp, int size);

       DESCRIPTION
             The auditbuf system call is used to get or set the
             high_water_mark (vhigh) and size (bsize) of the audit
             buffer(s).  The high_water_mark limits the amount of memory
             that can be held within the audit buffer.

             The default high_water_mark is equal to the size of an audit
             buffer (ADT_BSIZE).  The valid range of values for vhigh is
             greater than or equal to zero and less than or equal to
             ADT_BSIZE.  If vhigh is equal to zero, the audit buffer
             mechanism is bypassed and all records are written directly to
             the audit log file.  The size of the audit buffer (ADT_BSIZE)
             is a tunable parameter found in /etc/conf/mtune.d/audit and
             cannot be modified by the auditbuf system call.

             Two values for cmd are supported: ABUFGET and ABUFSET.  When
             the specified cmd is ABUFGET, the value of the high_water_mark
             is returned in vhigh, and the size of the audit buffer is
             returned in bsize.

             When the specified cmd is ABUFSET, the value of the
             high_water_mark is changed to vhigh, and the bsize of the
             audit buffer is ignored.

             The bufp argument points to a structure of type abuf that
             contains the following elements:

                   struct abuf {
                         int vhigh;  /* audit buffer high_water_mark */
                         int bsize;  /* audit buffer size */
                   };

             The size argument is used to verify the size of the abuf
             structure being passed to determine the version of auditing.

             Auditing must be installed on the system before this system
             call can be used.  Use of the auditbuf system call requires
             the appropriate privilege (P_AUDIT).


                           Copyright 1994 Novell, Inc.               Page 1

         Return Values
            On success, auditbuf returns 0.  On failure, auditbuf returns
            -1 and sets errno to identify the error.

         Errors
            In the following conditions, auditbuf fails and sets errno to:

            EFAULT    The cmd is ABUFGET and bufp is invalid.

            EFAULT    The cmd is ABUFSET and bufp is invalid.

            EINVAL    The size of abuf is not equal to size.

            EINVAL    The cmd is ABUFSET and the value of vhigh is less
                      than zero or greater than ADT_BSIZE.

            EINVAL    The cmd is invalid.

            EPERM     The process does not have the appropriate privilege
                      (P_AUDIT).

            ENOPKG    The audit package is not installed.

      REFERENCES
            auditctl(2), auditdmp(2), auditevt(2), auditlog(2)
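
An added example, not part of the original manual page or of UnixWare: a wrapper that reads bsize with ABUFGET, range-checks the requested vhigh, applies it with ABUFSET and reads the result back. The HAVE_AUDIT_H macro, the stand-in auditbuf and its constant values (including the ADT_BSIZE figure) are assumptions made so the code also runs on a system without the audit package.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifdef HAVE_AUDIT_H            /* hypothetical macro: define it when building on UnixWare */
#include <audit.h>
#else
/* Constructed stand-in so the example runs off-target. The constant values
 * are assumptions; the checks follow the Errors list of the manual page. */
enum { ABUFGET = 1, ABUFSET = 2, ADT_BSIZE = 20480 };
struct abuf { int vhigh; int bsize; };
static int cur_vhigh = ADT_BSIZE;          /* default mark equals ADT_BSIZE */
int auditbuf(int cmd, struct abuf *bufp, int size)
{
    if (size != (int)sizeof(struct abuf)) { errno = EINVAL; return -1; }
    if (bufp == NULL) { errno = EFAULT; return -1; }
    if (cmd == ABUFGET) { bufp->vhigh = cur_vhigh; bufp->bsize = ADT_BSIZE; return 0; }
    if (cmd != ABUFSET || bufp->vhigh < 0 || bufp->vhigh > ADT_BSIZE) {
        errno = EINVAL; return -1;
    }
    cur_vhigh = bufp->vhigh;               /* bsize is ignored on ABUFSET */
    return 0;
}
#endif

/* Set the high-water mark and report the values then in force.
 * Returns 0 on success, -1 with errno set on failure. */
int set_high_water_mark(int vhigh, struct abuf *result)
{
    struct abuf ab;
    if (auditbuf(ABUFGET, &ab, (int)sizeof ab) == -1)
        return -1;             /* EPERM: no P_AUDIT; ENOPKG: audit not installed */
    if (vhigh < 0 || vhigh > ab.bsize) { errno = EINVAL; return -1; }
    ab.vhigh = vhigh;          /* 0 bypasses the buffer: records go straight to the log */
    if (auditbuf(ABUFSET, &ab, (int)sizeof ab) == -1)
        return -1;
    return auditbuf(ABUFGET, result, (int)sizeof *result);
}

int main(void)
{
    struct abuf now;
    if (set_high_water_mark(0, &now) == -1) {
        fprintf(stderr, "auditbuf: %s\n", strerror(errno));
        return 1;
    }
    printf("vhigh=%d bsize=%d\n", now.vhigh, now.bsize);
    return 0;
}
```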






















