Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
audit_submit(3)        FreeBSD Library Functions Manual        audit_submit(3)

NAME
     audit_submit -- general purpose audit record submission

LIBRARY
     Basic Security Module User Library (libbsm, -lbsm)

SYNOPSIS
     #include <stdio.h>

     int
     audit_submit(short au_event, au_id_t auid, char status, int reterr,
         const char * restrict format, ...);

DESCRIPTION
     The audit_submit function provides a generic programming interface for
     audit record submission.  This audit record will contain a header, sub-
     ject token, an optional text token, return token, and a trailer.  The
     header will contain the event class specified by au_event.  The subject
     token will be generated based on au_ctx.  The return token is dependant
     on the status and reterr arguments.  Optionally, a text token will be
     created as a part of this record.

     Text token output is under the control of a format string that specifies
     how subsequent arguments (or arguments accessed via the variable-length
     argument facilities of stdarg(3)) are converted for output.  If format is
     NULL, then no text token is created in the audit record.

     It should be noted that audit_submit assumes that setaudit(2), or
     setaudit_addr(2) has already been called.  As a direct result, the termi-
     nal ID for the subject will be retrieved from the kernel via getaudit(2),
     or getaudit_addr(2).

EXAMPLES
           #include <bsm/audit.h>
           #include <bsm/libbsm.h>
           #include <bsm/audit_uevents.h>

           #include <stdio.h>
           #include <stdarg.h>
           #include <errno.h>

           int
           audit_bad_su(char *from_login, char *to_login)
           {
                   int error;

                   error = audit_submit(AUE_su, getuid(), 1, EPERM,
                       "bad su from %s to %s", from_login, to_login);
                   return (error);
           }

     Will generate the following audit record:

           header,94,1,su(1),0,Mon Apr 17 23:23:59 2006, + 271 msec
           subject,root,root,wheel,root,wheel,652,652,0,0.0.0.0
           text,bad su from from csjp to root
           return,failure : Operation not permitted,1
           trailer,94

SEE ALSO
     auditon(2), getaudit(2), libbsm(3), stdarg(3)

HISTORY
     The audit_submit function first appeared in OpenBSM version 1.0.  OpenBSM
     1.0 was introduced in FreeBSD 7.0.

AUTHORS
     The audit_submit function was written by Christian S.J. Peron
     <csjp@FreeBSD.org>.

FreeBSD 6.2                      May 29, 2006                      FreeBSD 6.2

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | EXAMPLES | SEE ALSO | HISTORY | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=audit_submit&sektion=3&manpath=FreeBSD+6.2-RELEASE>

home | help