Name

audgen − generate an audit record

Syntax

audgen(event, tokenp, argv)
int event;
char *tokenp, *argv[];

Description

The audgen system call generates an audit record, which gets placed in the auditlog.

The argument event is an integer indicating the event type of the operation being audited (see audit.h ).  The value of event must be between MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT+N_TRUSTED_EVENTS. 

The argument tokenp is a null-terminated array of token types (see audit.h ), each of which represents the type of argument referenced by the corresponding *argv argument. 

The argument argv is a pointer to an array containing the actual arguments or pointers to those arguments that are to be recorded in the audit record.  A pointer to the actual argument is placed in that array when the argument is a string, array, or other variable length structure.  Arguments represented as int’s or short’s are placed directly in that array.  Each member of the array must be word-aligned.  You cannot change the values for the audit_id, uid, ruid, pid, ppid, device, IP address, or hostid (secondary tokens for these values are available). 

Return Values

Upon successful completion, audgen returns a value of 0. Otherwise, it returns a value of −1 and sets the global integer variable errno to indicate the error. 

Restrictions

The audgen call is a privileged system call. No record is generated if the specified event is not being audited for the current process.  The maximum number of arguments referenced by argv is AUD_NPARAM (8). 

Diagnostics

The audgen system call fails under the following conditions:

[EACCES] The user is not privileged for this operation. 

[EINVAL] The value supplied for the event, tokenp, or argv argument is invalid.