The auditsvc() function specifies the audit log file to the kernel. The kernel writes audit records to this file until an exceptional condition occurs and then the call
returns. The fd argument is a file descriptor that identifies the audit file. Applications should open this file for writing before calling auditsvc().
The limit argument specifies the number of free blocks that must be available in the audit file system, and causes auditsvc() to return when the free disk space on the audit filesystem drops below this limit. Thus, the invoking program can take action to
avoid running out of disk space.
The auditsvc() function does not return until one of the following conditions occurs:
- The process receives a signal that is not blocked or ignored.
- An error is encountered writing to the audit log file.
- The minimum free space (as specified by limit), has been reached.
|