AUDIT(S) UNIX System V AUDIT(S)
Name
audit_open, audit_read, audit_close - open and access audit
session data on a record basis
Syntax
int audit_open(session)
int session;
struct audit_header *audit_read()
int audit_close()
Description
audit_open() provides an interface for opening an audit data
session that was previously collected on the system.
The routine requires one argument, session, which indicates
the audit session number. This may be acquired from a
session list by using the auditif(1M) interface program.
Once a session is open, audit_read() may be used to
sequentially retrieve audit records from the audit session
data files. Each call returns a pointer to the next audit
record header which identifies the record size, the record
type, the event type, and other audit-related information.
The actual record formats are defined in audit(7). The
function returns a NULL pointer if an error or end-of-file
occurs.
Before another session may be accessed, audit_close() must
be used to terminate processing for the current session.
Another session may then be opened.
See Also
authaudit(S), audit(HW), ``Programming in a Secure
Environment'' in the Programmer's Guide.
Diagnostics
Upon successful completion, audit_open() and audit_close()
return 0. Otherwise, they return -1 with errno set to
indicate the error. audit_read() returns a pointer to the
next audit record or NULL if an error occurs or EOF is
encountered.
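The open/read/close sequence and return conventions described above, as an added example that is not part of the original manual page or the vendor's code: it tallies the records of one session and closes the session whether or not reading succeeded.
Assumptions: the header field names (rec_size, rec_type, event_type) are hypothetical, the three routines are replaced by constructed in-memory stand-ins with constructed errno values so the block runs offline, and errno is assumed to remain 0 at end-of-file, which the page does not state.

```c
#include <errno.h>
#include <string.h>
/* Hypothetical layout; the real struct audit_header is defined in audit(7). */
struct audit_header { int rec_size, rec_type, event_type; };

/* Constructed in-memory stand-ins (session 1 only) so the example runs offline. */
static struct audit_header sample[] = { {24, 1, 10}, {40, 2, 11}, {24, 1, 12} };
static size_t next_rec;
static int is_open;

int audit_open(int session)
{
    if (is_open || session != 1) { errno = is_open ? EBUSY : ENOENT; return -1; }
    is_open = 1; next_rec = 0;
    return 0;
}
struct audit_header *audit_read(void)
{
    if (!is_open) { errno = EBADF; return NULL; }
    return next_rec < sizeof sample / sizeof *sample ? &sample[next_rec++] : NULL;
}
int audit_close(void)
{
    if (!is_open) { errno = EBADF; return -1; }
    is_open = 0;
    return 0;
}

#define MAX_TYPES 8
struct summary { long records, bytes, by_type[MAX_TYPES]; };

/* Tally one session: 0 on clean end-of-file, -1 on failure. After a successful
 * open the session is always closed, so a later audit_open() can succeed. */
int summarize_session(int session, struct summary *out)
{
    struct audit_header *h;
    int rc;
    memset(out, 0, sizeof *out);
    if (audit_open(session) == -1)
        return -1;
    for (errno = 0; (h = audit_read()) != NULL; errno = 0) {
        out->records++;
        out->bytes += h->rec_size;
        if (h->rec_type >= 0 && h->rec_type < MAX_TYPES)  /* file data: bounds-check */
            out->by_type[h->rec_type]++;
    }
    rc = errno ? -1 : 0;   /* NULL is EOF or error; assumes errno is 0 at EOF */
    return audit_close() == -1 ? -1 : rc;
}
```

On a system that provides these routines, delete the stand-ins and the hypothetical struct and use the definitions from audit(7).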
Value Added
audit_close, audit_open and audit_read are extensions of
AT&T System V provided by the Santa Cruz Operation.
(printed 6/20/89)