auditsvc - write audit log to specified file descriptor
cc [ flag ... ] file... -lbsm -lsocket -lnsl -lintl [ library ... ]
int auditsvc(int fd, int limit);
The auditsvc() function specifies the audit log file to the
kernel. The kernel writes audit records to this file until
an exceptional condition occurs and then the call returns.
The fd argument is a file descriptor that identifies the
audit file. Applications should open this file for writing
before calling auditsvc().
The limit argument specifies the number of free blocks that
must be available in the audit file system, and causes
auditsvc() to return when the free disk space on the audit
filesystem drops below this limit. Thus, the invoking pro-
gram can take action to avoid running out of disk space.
The auditsvc() function does not return until one of the
following conditions occurs:
o The process receives a signal that is not blocked or
o An error is encountered writing to the audit log file.
o The minimum free space (as specified by limit), has
The auditsvc() function returns only on an error.
The auditsvc() function will fail if:
The descriptor referred to a stream, was marked for
System V-style non-blocking I/O, and no data could be
EBADF The fd argument is not a valid descriptor open for
EBUSY A second process attempted to perform this call.
EFBIG An attempt was made to write a file that exceeds the
process's file size limit or the maximum file size.
EINTR The call is forced to terminate prematurely due to the
arrival of a signal whose SV_INTERRUPT bit in sv_flags
is set (see sigvec(3UCB)). The signal(3C) function
sets this bit for any signal it catches.
Auditing is disabled (see auditon(2)), or the fd argu-
ment does not refer to a file of an appropriate type
(regular files are always appropriate.)
EIO An I/O error occurred while reading from or writing to
the file system.
The user's quota of disk blocks on the file system
containing the file has been exhausted; audit filesys-
tem space is below the specified limit; or there is no
free space remaining on the file system containing the
ENXIO A hangup occurred on the stream being written to.
EPERM The process's effective user ID is not superuser.
The file was marked for 4.2 BSD-style non-blocking
I/O, and no data could be written immediately.
Only processes with an effective user ID of superuser can
execute this call successfully.
When a UFS file system is mounted with logging enabled, file
system transactions that free blocks from files might not
actually add those freed blocks to the file system's free
list until some unspecified time in the future. This
behavior improves file system performance but does not con-
form to the POSIX, Single UNIX Specification, SPARC Confor-
mance Definition, System V Application Binary Interface,
System V Interface Definition, and X/Open Portability Guide
Standards, which require that freed space be available
immediately. To enable standards conformance regarding file
deletions or to address the problem of not being able to
grow files on a relatively full UFS file system even after
files have been deleted, disable UFS logging (see
See attributes(5) for descriptions of the following attri-
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| Interface Stability | Stable |
| MT-Level | MT-Safe |
auditd(1M), bsmconv(1M), mount_ufs(1M), audit(2), audi-
ton(2), sigvec(3UCB), audit.log(4), attributes(5)
The functionality described in this man page is available
only if the Basic Security Module (BSM) has been enabled.
See bsmconv(1M) for more information.
Man(1) output converted with