tail head cat sleep
QR code linking to this page

Manual Pages  — AU_EVENT

NAME

free_au_event_ent, setauevent, endauevent, getauevent, getauevent_r, getauevnam, getauevnam_r, getauevnum, getauevnum_r, getauevnonam, getauevnonam_r – look up information from the audit_event database

CONTENTS

LIBRARY

Basic Security Module User Library (libbsm, -lbsm)

SYNOPSIS

#include <bsm/libbsm.h>

void
setauevent(void);

void
endauevent(void);

struct au_event_ent *
getauevent(void);

struct au_event_ent *
getauevent_r(struct au_event_ent *e);

struct au_event_ent *
getauevnam(const char *name);

struct au_event_ent *
getauevnam_r(struct au_event_ent *e, const char *name);

struct au_event_ent *
getauevnum(au_event_t event_number);

struct au_event_ent *
getauevnum_r(struct au_event_ent *e, au_event_t event_number);

au_event_t *
getauevnonam(const char *event_name);

au_event_t *
getauevnonam_r(au_event_t *ev, const char *event_name);

DESCRIPTION

These interfaces may be used to look up information from the audit_event(5) database, which describes audit events. Entries in the database are described by struct au_event_ent entries, which are returned by calls to getauevent(), getauevnam(), or getauevnum(). It is also possible to look up an event number via a call to getauevnonam().

The setauevent() function resets the database access session for audit_event(5), so that the next call to getauevent() will start with the first entry in the database.

The endauevent() function closes the audit_event(5) database session.

The getauevent() function returns a reference to the next entry in the audit_event(5) database.

The getauevnam() function returns a reference to the entry in the audit_event(5) database with a name of name.

getauevnum() returns a reference to the entry in the audit_event(5) database with an event number of event_number.

The getauevnonam() function returns a reference to an audit event number using the audit_event(5) database.

RETURN VALUES

Functions getauevent(), getauevent_r(), getauevnam(), getauevnam_r(), getauevnum(), getauevnum_r(), and getauevnonam() will return a reference to a struct au_event_ent or au_event_t on success, or NULL on failure, with errno set to provide further error information.

SEE ALSO

libbsm(3), audit_event(5)

HISTORY

The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.

AUTHORS

This software was created by Robert Watson, Wayne Salamon, and Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc.

The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.

BUGS

The errno variable is not always properly set following a failure.

These routines are thread-safe, but not re-entrant, so simultaneous or interleaved use of these functions will affect the iterator.


AU_EVENT (3) April 19, 2005

tail head cat sleep
QR code linking to this page


Please direct any comments about this manual page service to Ben Bullock. Privacy policy.

There are 10 types of people in the world: those who understand binary, and those who don't.