audwrite(2)audwrite(2)NAMEaudwrite() - write an audit record for a self-auditing process
SYNOPSISDESCRIPTION
is called by self-auditing processes, which are capable of turning off
the regular auditing using the system call (see audswitch(2)) and doing
higher-level auditing on their own. is restricted to users with the
privilege.
checks to see if the auditing system is on and the calling process and
the event specified are being audited. If these conditions are met,
writes the audit record pointed to by audrec_p into the audit trail.
The record consists of an audit record body and a header with the fol‐
lowing fields:
/* Date/time (tv_sec of timeval) */
/* Process ID */
/* Success/failure */
/* Event being audited */
/* Length of variant part */
The body contains additional information about the high-level audit
event. The header fields and are specified by the calling process.
fills in and fields with the correct values. this is done to reduce
the risk of forgery. Beginning with 11i version 3 release, converts
the record into a different format before writing it into the current
audit trail.
Security Restrictions
Some or all of the actions associated with this system call require the
privilege. Processes owned by the superuser have this privilege. Pro‐
cesses owned by other users may have this privilege, depending on sys‐
tem configuration. See privileges(5) for more information about privi‐
leged access on systems that support fine-grained privileges.
RETURN VALUE
If the write is successful, a value of is returned. Otherwise, a value
of is returned and is set to indicate the reason for the failure.
ERRORS
fails if one of the following is true:
The caller does not possess the
privilege.
The event number in the audit record is invalid.
WARNINGS
If causes a file space overflow, the calling process might be suspended
until the file space is cleaned up. However, a returned call with the
return value of indicates that the audit record has been successfully
written.
AUTHOR
was developed by HP.
SEE ALSOaudswitch(2), audit(4), privileges(5).
audwrite(2)