audit(2)                         System Calls                         audit(2)

NAME

       audit - write a record to the audit log

SYNOPSIS

       cc [ flag ... ] file ... -lbsm  -lsocket   -lnsl   [ library... ]
       #include <sys/param.h>
       #include <bsm/libbsm.h>

       int audit(caddr_t record, int length);

DESCRIPTION

       The audit() function queues a record for writing to the system audit
       log. The data pointed to by record is queued for the log after a
       minimal consistency check, with the length parameter specifying the
       size of the record in bytes. The data should be a well-formed audit
       record as described by audit.log(4).

       The kernel validates the record header token type and length, and sets
       the time stamp value before writing the record to the audit log. The
       kernel does not do any preselection for user-level generated events. If
       the audit policy is set to include sequence or trailer tokens, the
       kernel will append them to the record.

RETURN VALUES

       Upon successful completion, 0 is returned. Otherwise, -1 is returned
       and errno is set to indicate the error.

ERRORS

       The audit() function will fail if:

       E2BIG      The record length is greater than the maximum allowed record
                  length.

       EFAULT     The record argument points outside the process's allocated
                  address space.

       EINVAL     The header token in the record is invalid.

       ENOTSUP    Solaris Audit is not defined for this system.

       EPERM      The {PRIV_PROC_AUDIT} privilege is not asserted in the
                  effective set of the calling process.
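
       The header checks named in DESCRIPTION and ERRORS can be mirrored in
       user space before a record is submitted. The sketch below is an added
       example, not part of the original man page or of libbsm: the 32-bit
       header token layout (token ID 0x14, big-endian fields, 18 bytes), the
       helper names, the max_len parameter, the sample values, and the choice
       to report a byte-count mismatch as EINVAL are all assumptions. It does
       not call audit() itself, so it builds without -lbsm.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (BSM 32-bit header token, big-endian; not from this page):
 * id(1)=0x14, byte_count(4), version(1), event(2), modifier(2),
 * seconds(4), milliseconds(4) = 18 bytes. */
#define HDR32_ID   0x14
#define HDR32_SIZE 18

static void put_be(uint8_t *p, uint32_t v, int n) {
    while (n-- > 0) { p[n] = (uint8_t)(v & 0xff); v >>= 8; }
}

static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Fill in the header for a record of total_len bytes. Time fields stay
 * zero: the kernel sets the time stamp before writing the record. */
void build_header32(uint8_t *buf, uint32_t total_len, uint8_t version,
                    uint16_t event, uint16_t modifier) {
    memset(buf, 0, HDR32_SIZE);
    buf[0] = HDR32_ID;
    put_be(buf + 1, total_len, 4);
    buf[5] = version;
    put_be(buf + 6, event, 2);
    put_be(buf + 8, modifier, 2);
}

/* Returns 0, or the errno the ERRORS section lists for the defect found.
 * max_len is a hypothetical caller-supplied limit. */
int record_precheck(const uint8_t *rec, size_t length, size_t max_len) {
    if (rec == NULL) return EFAULT;
    if (length > max_len) return E2BIG;
    if (length < HDR32_SIZE || rec[0] != HDR32_ID) return EINVAL;
    if (get_be32(rec + 1) != length) return EINVAL;  /* assumed check */
    return 0;
}

int main(void) {
    uint8_t rec[32] = {0};                          /* constructed buffer */
    build_header32(rec, sizeof rec, 2, 0x1234, 0);  /* constructed values */
    printf("precheck ok: %d\n", record_precheck(rec, sizeof rec, 1024));
    printf("truncated:   %d\n", record_precheck(rec, 20, 1024));
    /* On Solaris, audit((caddr_t)rec, sizeof rec) would follow here. */
    return 0;
}
```

       The pre-check covers only the header; the tokens that follow it must
       still be well formed as described by audit.log(4).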

USAGE

       Only privileged processes can successfully execute this call.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Committed                    │
       ├─────────────────────────────┼─────────────────────────────┤
       │MT-Level                     │MT-Safe                      │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       bsmconv(1M), audit(1M), auditd(1M), svcadm(1M), auditon(2),
       getaudit(2), audit.log(4), attributes(5), privileges(5)

NOTES

       The functionality described in this man page is available only if
       Solaris Auditing has been enabled and the audit daemon auditd(1M) has
       not been disabled by audit(1M) or svcadm(1M). See bsmconv(1M) for more
       information.

SunOS 5.11                        16 Apr 2008                         audit(2)