*** UNIX MANUAL PAGE BROWSER ***

aud_sitevent(3) Library Functions Manual aud_sitevent(3) NAME aud_sitevent, aud_sitevent_num - audit site event operations LIBRARY Audit Library - libaud.a SYNOPSIS aud_sitevent( int event, int subevent, int *eventname, char *subeventname); aud_sitevent_num( char *eventname, char *subeventname, int *ev_num, int *subev_num); DESCRIPTION Audit site events are specific to and defined by a particular installa- tion. For example, an installation could have its own database pro- gram, and want to have it use the audit subsystem. To do so, the in- stallation's database events and subevents would be registered in the /etc/sec/site_events file. The site_events file contains one entry for each site event. Each site event entry can contain any number of subevents. Both preselection (see auditmask(8)) and postreduction (see audit_tool(8)) capabilities are supported for site events. Postreduction capabilities are also supported for subevents. The aud_sitevent function, when provided event and subevent numbers, copies the corresponding event and subevent names into eventname and subeventname. If no subevent for that site event exists, subevent should be set to -1, and no subeventname will be copied. The maximum length of an event or subevent name is AUD_MAXEVENT_LEN bytes. If the requested mapping does not exist, -1 is returned. The aud_sitevent_num function, when provided eventname and subevent- name, copies the corresponding event numbers into ev_num and subev_num. If no subevent for that site event exists, subeventname should be set to the null string, and subev_num will be set to -1. If the requested mapping does not exist, -1 is returned. Mappings between the event and subevent numbers and names are placed into the file /etc/sec/site_events. A sample file follows: eventname 2048, subevent0 0, subevent1 1, ... subevent99 99; my_rdb 2049, rdb_creat 0, rdb_open 1, rdb_delete 2; nosubeventevent 2050; Each line contains an event or subevent name followed by its number. An event number must be between MIN_SITE_EVENT (see sys/audit.h) and MIN_SITE_EVENT + N_SITE_EVENTS (see /sys/data/audit_data.c). A subevent number must be a non-negative integer. The line is terminated either with a comma (,) if an associated subevent follows, or with a semicolon (;) if no further associated subevents follow. EXAMPLES The following example looks up the event and subevent numbers for event "my_rdb" and subevent "rdb_open", and generates an audit record if the lookup succeeded: if ( aud_sitevent_num ( "my_rdb", "rdb_open", &event, &subev ) == 0 ) audgenl ( event, T_SUBEVENT, subev, T_CHARP, "sample rec", 0 ); RELATED INFORMATION Security Programming Support Tools delim off aud_sitevent(3)