audgen(2)audgen(2)Nameaudgen - generate an audit record
audgen(event, tokenp, argv)
char *tokenp, *argv;
The system call generates an audit record, which gets placed in the
The argument event is an integer indicating the event type of the oper‐
ation being audited (see ). The value of event must be between
MIN_TRUSTED_EVENT and MIN_TRUSTED_EVENT+N_TRUSTED_EVENTS.
The argument tokenp is a null-terminated array of token types (see ),
each of which represents the type of argument referenced by the corre‐
sponding *argv argument.
The argument argv is a pointer to an array containing the actual argu‐
ments or pointers to those arguments that are to be recorded in the
audit record. A pointer to the actual argument is placed in that array
when the argument is a string, array, or other variable length struc‐
ture. Arguments represented as int's or short's are placed directly in
that array. Each member of the array must be word-aligned. You cannot
change the values for the audit_id, uid, ruid, pid, ppid, device, IP
address, or hostid (secondary tokens for these values are available).
Upon successful completion, returns a value of 0. Otherwise, it
returns a value of -1 and sets the global integer variable errno to
indicate the error.
The call is a privileged system call. No record is generated if the
specified event is not being audited for the current process. The max‐
imum number of arguments referenced by argv is AUD_NPARAM (8).
The system call fails under the following conditions:
[EACCES] The user is not privileged for this operation.
[EINVAL] The value supplied for the event, tokenp, or argv argu‐
ment is invalid.