auditsvc(2) System Calls auditsvc(2)NAMEauditsvc - write audit log to specified file descriptor
SYNOPSIS
cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ]
#include <sys/param.h>
#include <bsm/audit.h>
int auditsvc(int fd, int limit);
DESCRIPTION
The auditsvc() function specifies the audit log file to the kernel. The
kernel writes audit records to this file until an exceptional condition
occurs and then the call returns. The fd argument is a file descriptor
that identifies the audit file. Applications should open this file for
writing before calling auditsvc().
The limit argument specifies the number of free blocks that must be
available in the audit file system, and causes auditsvc() to return
when the free disk space on the audit filesystem drops below this
limit. Thus, the invoking program can take action to avoid running out
of disk space.
The auditsvc() function does not return until one of the following con‐
ditions occurs:
· The process receives a signal that is not blocked or ignored.
· An error is encountered writing to the audit log file.
· The minimum free space (as specified by limit), has been reached.
RETURN VALUES
The auditsvc() function returns only on an error.
ERRORS
The auditsvc() function will fail if:
EAGAIN The descriptor referred to a stream, was marked for
System V-style non-blocking I/O, and no data could be
written immediately.
EBADF The fd argument is not a valid descriptor open for
writing.
EBUSY A second process attempted to perform this call.
EFBIG An attempt was made to write a file that exceeds the
process's file size limit or the maximum file size.
EINTR The call is forced to terminate prematurely due to the
arrival of a signal whose SV_INTERRUPT bit in sv_flags
is set (see sigvec(3UCB)). The signal(3C) function
sets this bit for any signal it catches.
EINVAL Auditing is disabled (see auditon(2)), or the fd argu‐
ment does not refer to a file of an appropriate type
(regular files are always appropriate.)
EIO An I/O error occurred while reading from or writing to
the file system.
ENOSPC The user's quota of disk blocks on the file system con‐
taining the file has been exhausted; audit filesystem
space is below the specified limit; or there is no free
space remaining on the file system containing the file.
ENXIO A hangup occurred on the stream being written to.
EPERM The {PRIV_SYS_AUDIT} privilege is not asserted in the
effective set of the calling process.
EWOULDBLOCK The file was marked for 4.2 BSD-style non-blocking I/O,
and no data could be written immediately.
USAGE
Only processes with appropriate privileges can execute this call suc‐
cessfully.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Obsolete │
├─────────────────────────────┼─────────────────────────────┤
│MT-Level │MT-Safe │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOauditd(1M), bsmconv(1M), audit(2), auditon(2), sigvec(3UCB),
audit.log(4), attributes(5), privileges(5)NOTES
The functionality described on this manual page is internal to
auditd(1M) and might not be supported in a future release.
The functionality described on this man page is available only if the
Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more
information.
SunOS 5.10 31 Mar 2005 auditsvc(2)