Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
auditsvc(2)							   auditsvc(2)

       auditsvc	- write	audit log to specified file descriptor

       cc [ flag... ] file... -lbsm -lsocket -lnsl  [ library... ]
       #include	<sys/param.h>
       #include	<bsm/audit.h>

       int auditsvc(int	fd, int	limit);

       The auditsvc() function specifies the audit log file to the kernel. The
       kernel writes audit records to this file	until an exceptional condition
       occurs  and then	the call returns. The fd argument is a file descriptor
       that identifies the audit file. Applications should open	this file  for
       writing before calling auditsvc().

       The  limit  argument  specifies	the number of free blocks that must be
       available in the	audit file system, and	causes	auditsvc()  to	return
       when  the  free	disk  space  on	 the audit filesystem drops below this
       limit. Thus, the	invoking program can take action to avoid running  out
       of disk space.

       The auditsvc() function does not	return until one of the	following con-
       ditions occurs:

	 o  The	process	receives a signal that is not blocked or ignored.

	 o  An error is	encountered writing to the audit log file.

	 o  The	minimum	free space (as specified by limit), has	been reached.

       The auditsvc() function returns only on an error.

       The auditsvc() function will fail if:

       EAGAIN	       The descriptor referred to a  stream,  was  marked  for
		       System  V-style	non-blocking I/O, and no data could be
		       written immediately.

       EBADF	       The fd argument is not  a  valid	 descriptor  open  for

       EBUSY	       A second	process	attempted to perform this call.

       EFBIG	       An  attempt  was	 made to write a file that exceeds the
		       process's file size limit or the	maximum	file size.

       EINTR	       The call	is forced to terminate prematurely due to  the
		       arrival	of a signal whose SV_INTERRUPT bit in sv_flags
		       is set  (see  sigvec(3UCB)).  The  signal(3C)  function
		       sets this bit for any signal it catches.

       EINVAL	       Auditing	 is disabled (see auditon(2)), or the fd argu-
		       ment does not refer to a	file of	 an  appropriate  type
		       (regular	files are always appropriate.)

       EIO	       An  I/O error occurred while reading from or writing to
		       the file	system.

       ENOSPC	       The user's quota	of disk	blocks on the file system con-
		       taining	the  file has been exhausted; audit filesystem
		       space is	below the specified limit; or there is no free
		       space remaining on the file system containing the file.

       ENXIO	       A hangup	occurred on the	stream being written to.

       EPERM	       The  {PRIV_SYS_AUDIT}  privilege	is not asserted	in the
		       effective set of	the calling process.

       EWOULDBLOCK     The file	was marked for 4.2 BSD-style non-blocking I/O,
		       and no data could be written immediately.

       Only  processes	with appropriate privileges can	execute	this call suc-

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Interface Stability	     |Obsolete			   |
       |MT-Level		     |MT-Safe			   |

       auditd(1M),  bsmconv(1M),  audit(2),  auditon(2),   sigvec(3UCB),   au-
       dit.log(4), attributes(5), privileges(5)

       The  functionality  described  on  this	manual page is internal	to au-
       ditd(1M)	and might not be supported in a	future release.

       The functionality described on this man page is available only  if  the
       Basic  Security Module (BSM) has	been enabled. See bsmconv(1M) for more

				  31 Mar 2005			   auditsvc(2)


Want to link to this manual page? Use this URL:

home | help