xref: /freebsd/contrib/openbsm/man/audit.2 (revision acd3428b7d3e94cef0e1881c868cb4b131d4ff41)
1.\"-
2.\" Copyright (c) 2005 Tom Rhodes
3.\" Copyright (c) 2005 Robert N. M. Watson
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
27.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.2#6 $
28.\"
29.Dd April 19, 2005
30.Dt AUDIT 2
31.Os
32.Sh NAME
33.Nm audit
34.Nd "Commit a BSM audit record to the audit log"
35.Sh SYNOPSIS
36.In bsm/audit.h
37.Ft int
38.Fn audit "const char *record" "u_int length"
39.Sh DESCRIPTION
40.Fn audit
41submits a completed BSM audit record to the system audit log.
42.Pp
43.Fa record
44is a pointer to the the specific event to be recorded and
45.Vt length
46is the size in bytes of the data to be written.
47.Sh RETURN VALUES
48.Rv -std
49.Sh ERRORS
50The
51.Fn audit
52system call will fail and the data never written if:
53.Bl -tag -width Er
54.It Bq Er EFAULT
55The
56.Fa record
57argument is beyond the allocated address space of the process.
58.It Bq Er EINVAL
59The token ID is invalid or
60.Vt length
61is larger than
62.Vt MAXAUDITDATA .
63.It Bq Er EPERM
64The process does not have sufficient permission to complete
65the operation.
66.El
67.Sh SEE ALSO
68.Xr auditon 2 ,
69.Xr getauid 2 ,
70.Xr setauid 2 ,
71.Xr getaudit 2 ,
72.Xr setaudit 2 ,
73.Xr getaudit_addr 2 ,
74.Xr setaudit_addr 2 ,
75.Xr libbsm 3
76.Sh AUTHORS
77This software was created by McAfee Research, the security research division
78of McAfee, Inc., under contract to Apple Computer Inc.
79Additional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.
80.Pp
81The Basic Security Module (BSM) interface to audit records and audit event
82stream format were defined by Sun Microsystems.
83.Pp
84This manual page was written by
85.An Tom Rhodes Aq trhodes@FreeBSD.org .
86.Sh HISTORY
87The OpenBSM implementation was created by McAfee Research, the security
88division of McAfee Inc., under contract to Apple Computer Inc. in 2004.
89It was subsequently adopted by the TrustedBSD Project as the foundation for
90the OpenBSM distribution.
91.Sh BUGS
92The
93.Fx
94kernel does not fully validate that the argument passed is syntactically
95valid BSM.
96Submitting invalid audit records may corrupt the audit log.
97