1.\"- 2.\" Copyright (c) 2005 Tom Rhodes 3.\" Copyright (c) 2005 Robert N. M. Watson 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.2#9 $ 28.\" 29.Dd April 19, 2005 30.Dt AUDIT 2 31.Os 32.Sh NAME 33.Nm audit 34.Nd "commit BSM audit record to audit log" 35.Sh SYNOPSIS 36.In bsm/audit.h 37.Ft int 38.Fn audit "const char *record" "u_int length" 39.Sh DESCRIPTION 40The 41.Fn audit 42system call 43submits a completed BSM audit record to the system audit log. 44.Pp 45The 46.Fa record 47argument 48is a pointer to the specific event to be recorded and 49.Fa length 50is the size in bytes of the data to be written. 51.Sh RETURN VALUES 52.Rv -std 53.Sh ERRORS 54The 55.Fn audit 56system call will fail and the data never written if: 57.Bl -tag -width Er 58.It Bq Er EFAULT 59The 60.Fa record 61argument is beyond the allocated address space of the process. 62.It Bq Er EINVAL 63The token ID is invalid or 64.Va length 65is larger than 66.Dv MAXAUDITDATA . 67.It Bq Er EPERM 68The process does not have sufficient permission to complete 69the operation. 70.El 71.Sh SEE ALSO 72.Xr auditon 2 , 73.Xr getaudit 2 , 74.Xr getaudit_addr 2 , 75.Xr getauid 2 , 76.Xr setaudit 2 , 77.Xr setaudit_addr 2 , 78.Xr setauid 2 , 79.Xr libbsm 3 80.Sh HISTORY 81The OpenBSM implementation was created by McAfee Research, the security 82division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. 83It was subsequently adopted by the TrustedBSD Project as the foundation for 84the OpenBSM distribution. 85.Sh AUTHORS 86.An -nosplit 87This software was created by McAfee Research, the security research division 88of McAfee, Inc., under contract to Apple Computer Inc. 89Additional authors include 90.An Wayne Salamon , 91.An Robert Watson , 92and SPARTA Inc. 93.Pp 94The Basic Security Module (BSM) interface to audit records and audit event 95stream format were defined by Sun Microsystems. 96.Pp 97This manual page was written by 98.An Tom Rhodes Aq trhodes@FreeBSD.org . 99.Sh BUGS 100The 101.Fx 102kernel does not fully validate that the argument passed is syntactically 103valid BSM. 104Submitting invalid audit records may corrupt the audit log. 105