aud_sitevent man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

aud_sitevent(3)						       aud_sitevent(3)

NAME
       aud_sitevent, aud_sitevent_num - audit site event operations

SYNOPSIS
       aud_sitevent(
	       int event,
	       int subevent,
	       int *eventname,
	       char *subeventname ); aud_sitevent_num(
	       char *eventname,
	       char *subeventname,
	       int *ev_num,
	       int *subev_num );

LIBRARY
       Audit Library  - libaud.a and libaud.so

DESCRIPTION
       Audit site events are specific to and defined by a particular installa‐
       tion. For example, an installation could have its own database program,
       and  want  to have it use the audit subsystem.  To do so, the installa‐
       tion's database	events	and  subevents	would  be  registered  in  the
       /etc/sec/site_events file.

       The site_events file contains one entry for each site event.  Each site
       event entry can contain any number  of  subevents.   Both  preselection
       (see  auditmask(8))  and postreduction (see audit_tool(8)) capabilities
       are supported for site events.	Postreduction  capabilities  are  also
       supported for subevents.

       The  aud_sitevent  function,  when provided event and subevent numbers,
       copies the corresponding event and subevent names  into	eventname  and
       subeventname.   If  no  subevent	 for  that site event exists, subevent
       should be set to -1, and no subeventname will be copied.	  The  maximum
       length  of  an event or subevent name is AUD_MAXEVENT_LEN bytes. If the
       requested mapping does not exist, -1 is returned.

       The aud_sitevent_num function, when provided  eventname	and  subevent‐
       name, copies the corresponding event numbers into ev_num and subev_num.
       If no subevent for that site event exists, subeventname should  be  set
       to  the null string, and subev_num will be set to -1.  If the requested
       mapping does not exist, -1 is returned.

       Mappings between the event and subevent numbers and  names  are	placed
       into the file /etc/sec/site_events.  A sample file follows:

	    eventname 2048,
		 subevent0 0,
		 subevent1 1,
		 ...
		 subevent99 99;
	     my_rdb 2049,
		 rdb_creat 0,
		 rdb_open 1,
		 rdb_delete 2;
	     nosubeventevent 2050;

       Each  line  contains  an event or subevent name followed by its number.
       An event number must be between MIN_SITE_EVENT  (see  sys/audit.h)  and
       MIN_SITE_EVENT  +  the output of the sysconfig -q sec audit_site_events
       for the running kernel.	A subevent number must be a non-negative inte‐
       ger.   The  line is terminated either with a comma (,) if an associated
       subevent follows, or with a semicolon  (;)  if  no  further  associated
       subevents follow.

EXAMPLES
       The following example looks up the event and subevent numbers for event
       "my_rdb" and subevent "rdb_open", and generates an audit record if  the
       lookup succeeded:

       if ( aud_sitevent_num ( "my_rdb", "rdb_open",
					      &event, &subev ) == 0 )
	  audgenl ( event, T_SUBEVENT, subev, T_CHARP,
					      "sample rec", 0 );

SEE ALSO
       sysconfig(8), sysconfigdb(8)

       Security

       Programming Support Tools

							       aud_sitevent(3)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net