1.\"- 2.\" Copyright (c) 2005 Tom Rhodes 3.\" Copyright (c) 2005 Robert N. M. Watson 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.Dd April 19, 2005 28.Dt AUDIT 2 29.Os 30.Sh NAME 31.Nm audit 32.Nd "commit BSM audit record to audit log" 33.Sh SYNOPSIS 34.In bsm/audit.h 35.Ft int 36.Fn audit "const char *record" "u_int length" 37.Sh DESCRIPTION 38The 39.Fn audit 40system call 41submits a completed BSM audit record to the system audit log. 42.Pp 43The 44.Fa record 45argument 46is a pointer to the specific event to be recorded and 47.Fa length 48is the size in bytes of the data to be written. 49.Sh RETURN VALUES 50.Rv -std 51.Sh ERRORS 52The 53.Fn audit 54system call will fail and the data never written if: 55.Bl -tag -width Er 56.It Bq Er EFAULT 57The 58.Fa record 59argument is beyond the allocated address space of the process. 60.It Bq Er EINVAL 61The token ID is invalid or 62.Va length 63is larger than 64.Dv MAXAUDITDATA . 65.It Bq Er EPERM 66The process does not have sufficient permission to complete 67the operation. 68.El 69.Sh SEE ALSO 70.Xr auditon 2 , 71.Xr getaudit 2 , 72.Xr getaudit_addr 2 , 73.Xr getauid 2 , 74.Xr setaudit 2 , 75.Xr setaudit_addr 2 , 76.Xr setauid 2 , 77.Xr libbsm 3 78.Sh HISTORY 79The OpenBSM implementation was created by McAfee Research, the security 80division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. 81It was subsequently adopted by the TrustedBSD Project as the foundation for 82the OpenBSM distribution. 83.Sh AUTHORS 84.An -nosplit 85This software was created by McAfee Research, the security research division 86of McAfee, Inc., under contract to Apple Computer Inc. 87Additional authors include 88.An Wayne Salamon , 89.An Robert Watson , 90and SPARTA Inc. 91.Pp 92The Basic Security Module (BSM) interface to audit records and audit event 93stream format were defined by Sun Microsystems. 94.Pp 95This manual page was written by 96.An Tom Rhodes Aq trhodes@FreeBSD.org . 97.Sh BUGS 98The 99.Fx 100kernel does not fully validate that the argument passed is syntactically 101valid BSM. 102Submitting invalid audit records may corrupt the audit log. 103