Mac OS X Developer Tools Manual Page For audit(2)

ADC Home > Reference Library > Reference > Mac OS X > Mac OS X Man Pages

This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

This manual page is associated with the Mac OS X developer tools. The software or headers described may not be present on your Mac OS X installation until you install the developer tools package. This package is available on your Mac OS X installation DVD, and the latest versions can be downloaded from developer.apple.com.

For more information about the manual page format, see the manual page for manpages(5).


AUDIT(2)                    BSD System Calls Manual                   AUDIT(2)

NAME
     audit -- submit a record to the kernel for auditing

SYNOPSIS
     #include <bsm/audit.h>

     int
     audit(const void * record, int length);

DESCRIPTION
     The audit() function submits a record to the kernel for inclusion in the global audit trail. The record
     must already be in BSM format. To protect the integrity of the audit trail, this system call must be
     made with sufficient privileges.  Libbsm can be used to create and manipulate BSM data.  Length is the
     length in bytes of the BSM record and record points to the data.

RETURN VALUES
     Upon successful completion a value of 0 is returned.  Otherwise, a value of -1 is returned and errno is
     set to indicate the error.

ERRORS
     The audit() system call will fail if:

     [EINVAL]           Length is greater than MAX_AUDIT_RECORD_SIZE, less than zero, greater than the
                        internal buffer size, or the record fails verification.

     [ENOTSUP]          The security auditing service is not available.

     [EPERM]            The call was made with insufficient privileges to complete.

SEE ALSO
     auditon(2), auditctl(2), getauid(2), setauid(2), getaudit(2), setaudit(2)

HISTORY
     The audit() function call first appeared in Mac OS X 10.3 (Panther).

Darwin                           July 30, 2007                          Darwin

Did this document help you?
Yes: Tell us what works for you. It’s good, but: Report typos, inaccuracies, and so forth. It wasn’t helpful: Tell us what would have helped.