1getauevent(3BSM)    Security and Auditing Library Functions   getauevent(3BSM)
2
3
4

NAME

6       getauevent,    getauevnam,    getauevnum,   getauevnonam,   setauevent,
7       endauevent, getauevent_r, getauevnam_r, getauevnum_r - get  audit_event
8       entry
9

SYNOPSIS

11       cc [ flag... ] file... -lbsm  -lsocket   -lnsl   [ library... ]
12       #include <sys/param.h>
13       #include <bsm/libbsm.h>
14
15       struct au_event_ent *getauevent(void);
16
17
18       struct au_event_ent *getauevnam(char *name);
19
20
21       struct au_event_ent *getauevnum(au_event_t event_number);
22
23
24       au_event_t getauevnonam(char *event_name);
25
26
27       void setauevent(void);
28
29
30       void endauevent(void);
31
32
33       struct au_event_ent *getauevent_r(au_event_ent_t *e);
34
35
36       struct au_event_ent *getauevnam_r(au_event_ent_t *e, char *name);
37
38
39       struct au_event_ent *getauevnum_r(au_event_ent_t *e,
40            au_event_t event_number);
41
42

DESCRIPTION

44       These  functions  document  the  programming  interface  for  obtaining
45       entries from the audit_event(4) file. The  getauevent(),  getauevnam(),
46       getauevnum(),  getauevent(),  getauevnam(),  and getauevnum() functions
47       each return a pointer to an audit_event structure.
48
49
50       The getauevent() and  getauevent_r()  functions  enumerate  audit_event
51       entries.  Successive  calls to these functions return either successive
52       audit_event entries or NULL.
53
54
55       The getauevnam() and getauevnam_r() functions search for an audit_event
56       entry with event_name.
57
58
59       The getauevnum() and getauevnum_r() functions search for an audit_event
60       entry with event_number.
61
62
63       The getauevnonam() function searches  for  an  audit_event  entry  with
64       event_name and returns the corresponding event number.
65
66
67       The  setauevent() function ``rewinds'' to the beginning of the enumera‐
68       tion of  audit_event entries.   Calls  to  getauevnam(),  getauevnum(),
69       getauevnonum(), getauevnam_r(), or getauevnum_r() can leave the enumer‐
70       ation in an indeterminate state. The setauevent()  function  should  be
71       called before the first call to getauevent() or getauevent_r().
72
73
74       The  endauevent()  function  can be called to indicate that audit_event
75       processing is complete. The system can then close any open  audit_event
76       file, deallocate storage, and so forth.
77
78
79       The  getauevent_r(),  getauevnam_r(), and getauevnum_r() functions each
80       take an argument e, which is  a  pointer  to  an  au_event_ent_t.  This
81       pointer  is  returned on a successful function call. To assure there is
82       enough space for the information returned, the applications  programmer
83       should  be  sure  to  allocate  AU_EVENT_NAME_MAX and AU_EVENT_DESC_MAX
84       bytes for the ae_name and ac_desc elements of the  au_event_ent_t  data
85       structure.
86
87
88       The  internal representation of an audit_event entry is an au_event_ent
89       structure defined in <bsm/libbsm.h> with the following members:
90
91         au_event_t      ae_number
92         char            *ae_name;
93         char            *ae_desc*;
94         au_class_t      ae_class;
95
96

RETURN VALUES

98       The getauevent(), getauevnam(), getauevnum(), getauevent_r(),  getauev‐
99       nam_r(),   and   getauevnum_r()   functions   return  a  pointer  to  a
100       au_event_ent structure if the requested entry is successfully  located.
101       Otherwise they return NULL.
102
103
104       The  getauevnonam() function returns an event number of type au_event_t
105       if it successfully enumerates an  entry.  Otherwise  it  returns  NULL,
106       indicating it could not find the requested event name.
107

FILES

109       /etc/security/audit_event    file  that  maps  audit  event  numbers to
110                                    audit event names
111
112
113       /etc/passwd                  file that stores user-ID to username  map‐
114                                    pings
115
116

ATTRIBUTES

118       See attributes(5) for descriptions of the following attributes:
119
120
121
122
123       ┌─────────────────────────────┬─────────────────────────────┐
124       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
125       ├─────────────────────────────┼─────────────────────────────┤
126       │MT-Level                     │MT-Safe with exceptions      │
127       └─────────────────────────────┴─────────────────────────────┘
128
129
130       The getauevent(),  getauevnam(), and getauevnum() functions are Unsafe.
131       The   equivalent   functions   getauevent_r(),   getauevnam_r(),    and
132       getauevnum_r()  provide  the same functionality and an MT-Safe function
133       call interface.
134

SEE ALSO

136       bsmconv(1M),   getauclassent(3BSM),    getpwnam(3C),    audit_class(4),
137       audit_event(4), passwd(4), attributes(5)
138

NOTES

140       All  information  for  the getauevent(), getauevnam(), and getauevnum()
141       functions is contained in a static area, so it must be copied if it  is
142       to be saved.
143
144
145       The  functionality  described  on this manual page is available only if
146       the Solaris Auditing has been enabled.  See bsmconv(1M) for more infor‐
147       mation.
148
149
150
151SunOS 5.11                        25 Jun 2008                 getauevent(3BSM)
Impressum