audit(S)


audit_close, audit_open, audit_read -- open and access audit session data records

Syntax

cc ... -laudit

int audit_close()

int audit_open (session)
int session;

struct audit_header *audit_read()

Description

The audit_open routine provides an interface for opening an audit data session which has been previously collected on the system. The routine requires one argument, session, which indicates the audit session number. This may be acquired from a session list by using the auditsh(ADM) utility.

Once a session is open, audit_read sequentially retrieves audit records from the audit session data files. Each call returns a pointer to the next audit record header, which identifies the record size, the record type, the event type, and other audit-related information. The actual record formats are defined in audit(HW). The routine returns a NULL pointer if an error or end-of-file occurs.

Before another session may be accessed, use audit_close to terminate processing for the current session. Another session may then be opened.

Return value

Upon successful completion, audit_open and audit_close return a value of ``0''. Otherwise, they return a value of ``-1'' with errno set to indicate the appropriate error. audit_read returns a pointer to the next audit record on success, and NULL if an error occurs or EOF is encountered.
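The open, read and close sequence described above, as an added example that is not part of the original manual page: it counts the records in one session and checks every return value. The prototypes are written by hand from the Syntax section, and the function name count_session_records, the HAVE_LIBAUDIT macro and the in-memory stand-in library (with its errno values) are assumptions so the code also builds on a system without -laudit.

```c
#include <errno.h>
#include <stddef.h>

struct audit_header;                 /* layout is defined in audit(HW); opaque here */

#ifdef HAVE_LIBAUDIT                 /* hypothetical macro: build with cc ... -laudit */
int audit_open(int session);
int audit_close(void);
struct audit_header *audit_read(void);
#else
/* Constructed stand-in (assumption): session 1 holds 3 records, others fail. */
static int open_session = 0, remaining = 0;
static long fake_record[4];          /* placeholder bytes, never interpreted */
int audit_open(int session) {
    if (open_session) { errno = EBUSY; return -1; }
    if (session != 1) { errno = ENOENT; return -1; }
    open_session = session; remaining = 3;
    return 0;
}
struct audit_header *audit_read(void) {
    if (!open_session || remaining == 0) return NULL;
    remaining--;
    return (struct audit_header *)fake_record;
}
int audit_close(void) {
    if (!open_session) { errno = EINVAL; return -1; }
    open_session = 0;
    return 0;
}
#endif

/* Count the records in one audit session.
 * Returns the count, or -1 if audit_open or audit_close failed
 * (errno is then set by the library). */
long count_session_records(int session)
{
    long n = 0;

    if (audit_open(session) == -1)
        return -1;
    /* NULL means error or end-of-file; the page gives no way to tell
     * them apart, so the loop stops at the first NULL either way. */
    while (audit_read() != NULL)
        n++;
    /* Close before returning so another session can be opened later. */
    if (audit_close() == -1)
        return -1;
    return n;
}
```

Because a NULL from audit_read covers both cases, a count lower than expected may mean a truncated read rather than a short session.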

See also

auditsh(ADM), audit(HW), authaudit(S)

Standards conformance

audit_close, audit_open and audit_read are not part of any currently supported standard; they are extensions of AT&T System V provided by the Santa Cruz Operation.
© 2003 System Services (S)
SCO OpenServer Release 5.0.7 -- 11 February 2003