Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   31559 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

satwrite(2)							   satwrite(2)

NAME
     satwrite, satvwrite - write a block of audit record data

C SYNOPSIS
     #include <sys/sat.h>
     int satwrite (int event, int outcome, char *buffer, unsigned nbytes)
     #include <stdarg.h> #include <sat.h>
     int satvwrite (int event, int outcome, char *format, ...)

DESCRIPTION
     satwrite writes nbytes bytes to the security audit trail record queue
     from the buffer pointed to by buffer.

     satvwrite is a more convenient libc interface for generating audit
     records, which are generally text strings.	 Format is a printf-like
     format string, followed by a variable number of arguments.	 See
     printf(3S) for more information on the possible formatting characters.

     Event must be equal to one of the SAT record type constants for
     administrative events, as defined in /usr/include/sys/sat.h. Permissible
     values are:

     SAT_AE_AUDIT	 satwrite is called by audit subsystem utilities.

     SAT_AE_IDENTITY	 satwrite is called by programs in the identification
			 and authentication subsystem.

     SAT_AE_DBEDIT	 satwrite is called by the program which edits
			 administrative databases.

     SAT_AE_MOUNT	 satwrite is called by the programs which mount
			 filesystems.

     SAT_AE_CUSTOM	 satwrite is called by customer written self auditing
			 applications.

     outcome should be equal to SAT_SUCCESS or SAT_FAILURE, as defined in
     /usr/include/sys/sat.h. satwrite interprets any value other than
     SAT_FAILURE as an alternate representation of SAT_SUCCESS.

     Buffer should contain audit data in human readable form.  Although there
     are no restrictions on its content, sat_interpret(1m) always interprets
     the data as a null-terminated string.

ERRORS
     satwrite fails if these conditions are true:

     [ENOPKG]	    Audit is not configured on this system.

									Page 1

satwrite(2)							   satwrite(2)

     [EPERM]	    The caller does not have CAP_AUDIT_WRITE capability.

     [EINVAL]	    buffer is null, or nbytes is greater than
		    SAT_MAX_USER_REC.

     [EDOM]	    event is not one of the permitted values.

     [EFAULT]	    data can't be copied from buffer into the kernel.

RETURN VALUE
     A return value of -1 indicates an error and errno is set to indicate the
     error.  Otherwise 0 is returned.

SEE ALSO
     sat_echo(1m), satoff(2), saton(2), satread(2), satstate(2), printf(3S)

									Page 2

Vote for polarhome