NAME

au_open, au_close, au_write - construct and write audit records

SYNOPSIS

cc [ flag . . . ] file . . . -lbsm -lsocket -lnsl -lintl [ library . . . ]

#include <bsm/libbsm.h>
int au_close(int d, int keep, short event);
int au_open(void);
int au_write(int d, token_t * m);

MT-LEVEL

Safe.

AVAILABILITY

The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.

DESCRIPTION

au_open( ) allocates an audit record descriptor to which audit tokens can be written using au_write( ).

au_close( ) terminates the life of an audit record d of type event started by au_open( ). If the keep parameter is zero, the data contained therein is discarded and the memory used is given up by calling free(3C). Otherwise, the additional parameters are used to create a header token. Depending on the audit policy information obtained by auditon(2), additional tokens such as sequence and trailer tokens may be added to the record. au_close( ) finally writes the record to the audit trail by calling audit(2).

au_write( ) adds the audit token pointed to by m to the audit record identified by the descriptor d. After this call is made the audit token is no longer available to the caller.

RETURN VALUES

A successful invocation for all calls will return a 0 .

au_open( ) returns -1 if a descriptor could not be allocated. au_close( ) and au_write( ) return -1 if d is not a valid descriptor or if audit(2) experienced an error. In the latter case, errno is set to indicate the error.

SEE ALSO

bsmconv(1M), audit(2), auditon(2), au_preselect(3), au_to (3),free(3C)