[ Next Article |
Previous Article |
Book Contents |
Library Home |
Legal |
Search ]
Base Operating System and Extensions Technical Reference, Volume 1
auditlog Subroutine
Purpose
Appends an audit record to the audit trail file.
Library
Standard C Library (libc.a)
Syntax
#include <sys/audit.h>
int auditlog (Event, Result, Buffer, BufferSize)
char *Event;
int Result;
char *Buffer;
int BufferSize;
Description
The auditlog subroutine generates an audit record. The kernel audit-logging component appends a record for the specified Event if system auditing is enabled, process auditing is not suspended, and the Event parameter is in one or more of the audit classes for the current process.
The audit logger generates the audit record by adding the Event and Result parameters to the audit header and including the resulting information in the Buffer parameter as the audit tail.
Parameters
Event |
The name of the audit event to be generated. This parameter should be the name of an audit event. Audit event names are truncated to 15 characters plus null. |
Result |
Describes the result of this event. Valid values are defined in the sys/audit.h file and include the following:
- AUDIT_OK
- The event was successful.
- AUDIT_FAIL
- The event failed.
- AUDIT_FAIL_ACCESS
- The event failed because of any access control denial.
- AUDIT_FAIL_DAC
- The event failed because of a discretionary access control denial.
- AUDIT_FAIL_PRIV
- The event failed because of a privilege control denial.
- AUDIT_FAIL_AUTH
- The event failed because of an authentication denial.
Other nonzero values of the Result parameter are converted into the AUDIT_FAIL value. |
Buffer |
Points to a buffer containing the tail of the audit record. The format of the information in this buffer depends on the event name. |
BufferSize |
Specifies the size of the Buffer parameter, including the terminating null. |
Return Values
Upon successful completion, the auditlog subroutine returns a value of 0. If auditlog fails, a value of -1 is returned and the errno global variable is set to indicate the error.
The auditlog subroutine does not return any indication of failure to write the record where this is due to inappropriate tailoring of auditing subsystem configuration files or user-written code. Accidental omissions and typographical errors in the configuration are potential causes of such a failure.
Error Codes
The auditlog subroutine fails if any of the following are true:
EFAULT |
The Event or Buffer parameter points outside of the process' address space. |
EINVAL |
The auditing system is either interrupted or not initialized. |
EINVAL |
The length of the audit record is greater than 32 kilobytes. |
EPERM |
The process does not have root user authority. |
ENOMEM |
Memory allocation failed. |
Implementation Specifics
This subroutine is part of Base Operating System (BOS) Runtime.
Related Information
The audit subroutine, auditbin subroutine, auditevents subroutine, auditobj subroutine, auditproc subroutine, auditwrite subroutine.
List of Security and Auditing Subroutines and Subroutines Overview in AIX Version 4.3 General Programming Concepts: Writing and Debugging Programs.
[ Next Article |
Previous Article |
Book Contents |
Library Home |
Legal |
Search ]