audgenl(3)audgenl(3)NAMEaudgenl - generate an audit record
SYNOPSIS
#include <sys/audit.h>
int audgenl(
unsigned event [,token_type, token_val] ... , 0 );
LIBRARY
Audit Library - libaud.a and libaud.so
PARAMETERS
The event value of the operation being audited. A type and value pair
defining the data to be placed in the audit record.
DESCRIPTION
This routine is an interface to the audgen() system call. It accepts a
variable number of arguments describing the event and audit data, then
calls audgen() with the appropriate parameters to generate the audit
record. This routine is found in the library and is loaded with the
libaud.a and libaud.so -laud option.
The event argument indicates the event value of the operation being
audited, as defined in audit.h. The value of event must be between one
of the following two values: MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT +
N_TRUSTED_EVENTS -1 MIN_SITE_EVENT and MIN_SITE_EVENT + n_site_events
-1
The constants are defined in audit.h. The definition of n_site_events
is determined by executing the sysconfig -q sec audit_site_events com‐
mand on the running kernel.
The argument pairs containing token_type and token_val describe the
data that is to be placed into the audit record. The argument
token_type describes the type of data, as defined in the set of public
tokens (in audit.h).
The argument token_val should be set to the value of the token when the
token is represented by an int or long data type, or be a pointer to
the data described by the token when the token references a character
string, or other variable length field or structure.
RESTRICTIONS
The audgen() system call is privileged.
The maximum number of token_type, token_val pairs allowed is 128, with
no more than 8 instances of any one token_type.
RETURN VALUES
On successful completion, a value of 0 is returned. Otherwise, a value
of -1 is returned and the global integer variable errno is set to indi‐
cate the error.
ERRORS
The user is not privileged for this operation. The value supplied for
an argument is invalid. The audit record exceeds the audit record
size. Indicates an attempt to use a system call that is not config‐
ured. The tokenmask data is invalid. The size argument is non-zero,
and the userbuff argument is invalid. A value referenced by the argv
argument is invalid.
SEE ALSOaudgen(2), sysconfig(8), sysconfigdb(8)
Security
audgenl(3)