Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
audit(2)							      audit(2)

       audit - write a record to the audit log

       cc [ flag ... ] file ...	-lbsm -lsocket -lnsl  [	library... ]
       #include	<sys/param.h>
       #include	<bsm/libbsm.h>

       int audit(caddr_t record, int length);

       The   audit()  function	is  used to write a record to the system audit
       log. The	data pointed to	by  record is written to the log after a mini-
       mal   consistency  check, with the length parameter specifying the size
       of the record  in bytes.	  The  data  should  be	 a  well-formed	 audit
       record as described by  audit.log(4).

       The kernel validates the	record header token type and length,  and sets
       the time	stamp value before writing the record to the  audit  log.  The
       kernel  does  not do any	preselection for  user-level generated events.
       If the audit policy is set to  include sequence or trailer tokens,  the
       kernel will append
	them to	the record.

       Upon  successful	 completion, 0 is returned.  Otherwise,	-1 is returned
       and errno is set	to indicate the	error.

       The audit() function will fail if:

       EFAULT	       The record argument points outside the process's	 allo-
		       cated address space.

       EINVAL	       The  record header token	ID is invalid or the length is
		       either less than	the header token size or greater  than

       EPERM	       The  {PRIV_PROC_AUDIT} privilege	is not asserted	in the
		       effective set of	the calling process.

       Only privileged processes can successfully execute this call.

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Interface Stability	     |Stable			   |
       |MT-Level		     |MT-Safe			   |

       bsmconv(1M),  auditd(1M),  auditon(2),  auditsvc(2),  getaudit(2),  au-
       dit.log(4), attributes(5), privileges(5)

       The  functionality  described in	this man page is available only	if the
       Basic Security Module (BSM) has been enabled. See bsmconv(1M) for  more

				  31 Mar 2005			      audit(2)


Want to link to this manual page? Use this URL:

home | help