'\" te
.\" Copyright (c) 2008, Sun Microsystems, Inc.  All Rights Reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH AUDIT 2 "Apr 16, 2008"
.SH NAME
audit \- write a record to the audit log
.SH SYNOPSIS
.LP
.nf
cc [ \fIflag\fR ... ] \fIfile\fR ... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR  [ \fIlibrary\fR... ]
#include <sys/param.h>
#include <bsm/libbsm.h>

\fBint\fR \fBaudit\fR(\fBcaddr_t\fR \fIrecord\fR, \fBint\fR \fIlength\fR);
.fi

.SH DESCRIPTION
.sp
.LP
The \fBaudit()\fR function queues a record for writing to the system audit log.
The data pointed to by \fIrecord\fR is queued for the log after a minimal
consistency check, with the \fIlength\fR parameter specifying the size of the
record  in bytes. The data should be a well-formed audit  record as described
by \fBaudit.log\fR(4).
.sp
.LP
The kernel validates the record header token type and length,  and sets the
time stamp value before writing the record to the audit log. The kernel does
not do any preselection for user-level generated events. If the audit policy is
set to  include sequence or trailer tokens, the kernel will append  them to the
record.
.SH RETURN VALUES
.sp
.LP
Upon successful completion, \fB0\fR is returned.  Otherwise, \fB\(mi1\fR is
returned and \fBerrno\fR is set to indicate the error.
.SH ERRORS
.sp
.LP
The \fBaudit()\fR function will fail if:
.sp
.ne 2
.na
\fB\fBE2BIG\fR\fR
.ad
.RS 11n
The record length is greater than the maximum allowed record length.
.RE

.sp
.ne 2
.na
\fB\fBEFAULT\fR\fR
.ad
.RS 11n
The \fIrecord\fR argument points outside the process's allocated address space.
.RE

.sp
.ne 2
.na
\fB\fBEINVAL\fR\fR
.ad
.RS 11n
The header token in the record is invalid.
.RE

.sp
.ne 2
.na
\fB\fBENOTSUP\fR\fR
.ad
.RS 11n
Solaris Audit is not defined for this system.
.RE

.sp
.ne 2
.na
\fB\fBEPERM\fR\fR
.ad
.RS 11n
The {\fBPRIV_PROC_AUDIT\fR} privilege is not asserted in the effective set of
the calling process.
.RE

.SH USAGE
.sp
.LP
Only privileged processes can successfully execute this call.
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	Committed
_
MT-Level	MT-Safe
.TE

.SH SEE ALSO
.sp
.LP
\fBbsmconv\fR(1M), \fBaudit\fR(1M), \fBauditd\fR(1M), \fBsvcadm\fR(1M),
\fBauditon\fR(2), \fBgetaudit\fR(2), \fBaudit.log\fR(4), \fBattributes\fR(5),
\fBprivileges\fR(5)
.SH NOTES
.sp
.LP
The functionality described in this man page is available only if the Solaris
Auditing has been enabled and the audit daemon \fBauditd\fR(1M) has not been
disabled by \fBaudit\fR(1M) or \fBsvcadm\fR(1M). See \fBbsmconv\fR(1M) for more
information.