SunOS man pages : auditsvc (2)
System Calls auditsvc(2)
auditsvc - write audit log to specified file descriptor
cc [ flag ... ] file... -lbsm -lsocket -lnsl -lintl [ library ... ]
int auditsvc(int fd, int limit);
The auditsvc() function specifies the audit log file to the
kernel. The kernel writes audit records to this file until
an exceptional condition occurs and then the call returns.
The fd argument is a file descriptor that identifies the
audit file. Applications should open this file for writing
before calling auditsvc().
The limit argument specifies the number of free blocks that
must be available in the audit file system, and causes
auditsvc() to return when the free disk space on the audit
filesystem drops below this limit. Thus, the invoking pro-
gram can take action to avoid running out of disk space.
The auditsvc() function does not return until one of the
following conditions occurs:
o The process receives a signal that is not blocked or
o An error is encountered writing to the audit log file.
o The minimum free space (as specified by limit), has
The auditsvc() function returns only on an error.
The auditsvc() function will fail if:
The descriptor referred to a stream, was marked for
System V-style non-blocking I/O, and no data could be
EBADF The fd argument is not a valid descriptor open for
EBUSY A second process attempted to perform this call.
EFBIG An attempt was made to write a file that exceeds the
SunOS 5.8 Last change: 28 Dec 1996 1
System Calls auditsvc(2)
process's file size limit or the maximum file size.
EINTR The call is forced to terminate prematurely due to the
arrival of a signal whose SV_INTERRUPT bit in sv_flags
is set (see sigvec(3UCB)). The signal(3C) function
sets this bit for any signal it catches.
Auditing is disabled (see auditon(2)), or the fd argu-
ment does not refer to a file of an appropriate type
(regular files are always appropriate.)
EIO An I/O error occurred while reading from or writing to
the file system.
The user's quota of disk blocks on the file system
containing the file has been exhausted; audit filesys-
tem space is below the specified limit; or there is no
free space remaining on the file system containing the
ENXIO A hangup occurred on the stream being written to.
EPERM The process's effective user ID is not super-user.
The file was marked for 4.2 BSD-style non-blocking
I/O, and no data could be written immediately.
Only processes with an effective user ID of super-user may
execute this call successfully.
auditd(1M), bsmconv(1M), audit(2), auditon(2), sigvec(3UCB),
The functionality described in this man page is available
only if the Basic Security Module (BSM) has been enabled.
See bsmconv(1M) for more information.
SunOS 5.8 Last change: 28 Dec 1996 2