|
Security and Auditing Library Functions | au_open(3BSM) |
| au_open, au_close, au_write - construct and write audit records |
SYNOPSIS
|
cc [ flag ... ] file ... -lbsm -lsocket -lnsl -lintl [ library ... ]
#include <bsm/libbsm.h> int au_close(int d, int keep, short event); |
| int au_write(int d, token_t *m); |
|
The au_open() function returns an audit record descriptor to which audit tokens can be written using au_write(). The audit record descriptor is an integer value that identifies a storage area where audit
records are accumulated.
The au_close() function terminates the life of an audit record d of type event started by au_open(). If the keep parameter is AU_TO_NO_WRITE, the data contained
therein is discarded. If the keep parameter is AU_TO_WRITE, the additional parameters are used to create a header token. Depending on the audit policy information obtained by auditon(2), additional tokens such as sequence and trailer tokens can be added to the record. The au_close() function then writes the record to the audit trail by calling audit(2). Any memory used is freed by calling free(3C).
The au_write() function adds the audit token pointed to by m to the audit record identified by the descriptor d. After this call is made the audit token is no longer available to the caller.
|
|
Upon successful completion, au_open() returns an audit record descriptor. If a descriptor could not be allocated, au_open() returns -1 and sets errno to indicate the error.
Upon successful completion, au_close() returns 0. If d is an invalid or corrupted descriptor or if audit() fails, au_close() returns -1 without setting errno. If audit() fails, errno is set to one of the error values described on the audit(2) manual page.
Upon successful completion, au_write() returns 0. If d is an invalid descriptor or m is an invalid token, or if audit() fails, au_write() returns -1 without setting errno. If audit() fails, errno is set to one of the error values described on the audit(2) manual page.
|
|
The au_open() function will fail if:
-
ENOMEM
- The physical limits of the system have been exceeded such that sufficient memory cannot be allocated.
-
EAGAIN
- There is currently insufficient memory available. The application can try again later.
|
|
See attributes (5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | Stable |
MT-Level | MT-Safe |
|
|
The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.
|
| |