auditsvc - write audit log to specified file descriptor


     cc [ flag ... ] file... -lbsm -lsocket -lnsl -lintl [ library ... ]
     #include <sys/param.h>
     #include <bsm/audit.h>

     int auditsvc(int fd, int limit);


     The auditsvc() function specifies the audit log file to  the
     kernel.  The  kernel writes audit records to this file until
     an exceptional condition occurs and then the  call  returns.
     The  fd  argument  is  a file descriptor that identifies the
     audit file. Applications should open this file  for  writing
     before calling auditsvc().

     The limit argument specifies the number of free blocks  that
     must  be  available  in  the  audit  file system, and causes
     auditsvc() to return when the free disk space on  the  audit
     filesystem  drops  below this limit. Thus, the invoking pro-
     gram can take action to avoid running out of disk space.

     The auditsvc() function does not return  until  one  of  the
     following conditions occurs:

        o  The process receives a signal that is not  blocked  or

        o  An error is encountered writing to the audit log file.

        o  The minimum free space (as specified  by  limit),  has
           been reached.


     The auditsvc() function returns only on an error.


     The auditsvc() function will fail if:

           The descriptor referred to a stream,  was  marked  for
           System  V-style non-blocking I/O, and no data could be
           written immediately.

     EBADF The fd argument is not a  valid  descriptor  open  for

     EBUSY A second process attempted to perform this call.

     EFBIG An attempt was made to write a file that  exceeds  the
           process's file size limit or the maximum file size.

     EINTR The call is forced to terminate prematurely due to the
           arrival of a signal whose SV_INTERRUPT bit in sv_flags
           is set  (see sigvec(3UCB)).  The  signal(3C)  function
           sets this bit for any signal it catches.

           Auditing is disabled (see auditon(2)), or the fd argu-
           ment  does  not refer to a file of an appropriate type
           (regular files are always appropriate.)

     EIO   An I/O error occurred while reading from or writing to
           the file system.

           The user's quota of disk blocks  on  the  file  system
           containing the file has been exhausted; audit filesys-
           tem space is below the specified limit; or there is no
           free space remaining on the file system containing the

     ENXIO A hangup occurred on the stream being written to.

     EPERM The process's effective user ID is not superuser.

           The file was marked  for  4.2  BSD-style  non-blocking
           I/O, and no data could be written immediately.


     Only processes with an effective user ID  of  superuser  can
     execute this call successfully.

     When a UFS file system is mounted with logging enabled, file
     system  transactions  that  free blocks from files might not
     actually add those freed blocks to the  file  system's  free
     list  until  some  unspecified  time  in  the  future.  This
     behavior improves file system performance but does not  con-
     form  to the POSIX, Single UNIX Specification, SPARC Confor-
     mance Definition, System  V  Application  Binary  Interface,
     System  V Interface Definition, and X/Open Portability Guide
     Standards, which  require  that  freed  space  be  available
     immediately.  To enable standards conformance regarding file
     deletions or to address the problem of  not  being  able  to
     grow  files  on a relatively full UFS file system even after
     files  have  been  deleted,   disable   UFS   logging   (see


     See attributes(5) for descriptions of the  following  attri-
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Interface Stability         | Stable                      |
    | MT-Level                    | MT-Safe                     |


     auditd(1M),  bsmconv(1M),  mount_ufs(1M),  audit(2),   audi-
     ton(2), sigvec(3UCB), audit.log(4), attributes(5)


     The functionality described in this man  page  is  available
     only  if  the  Basic Security Module (BSM) has been enabled.
     See bsmconv(1M) for more information.

Man(1) output converted with man2html