Trusted Solaris Developer's Guide

Queueing Audit Records

To minimize system call overhead, audit records can be queued (AW_QUEUE) and written in one call to the auditwrite(3TSOL) routine. In this example, audit queueing is turned on in the first call to the auditwrite() routine and set to flush entire records when the queue contains 200 bytes of audit records. You can force the queue to flush with the AW_FLUSH token, and the queue automatically flushes whenever it is turned off with the AW_NOQUEUE token.

In this example, the queue is flushed manually after the second record is added, even though the queue does not yet hold 200 bytes of data. The queue flushes again at the end when queueing is turned off.

The byte limit does not cause partial records to be written to the audit trail. When the queue reaches 200 bytes, all records from all calls to the auditwrite(3TSOL) routine are flushed in their entirety, including any data bytes over 200 that are needed to complete an audit record.

/* Set up queue to flush every 200 bytes */
	auditwrite(AW_QUEUE, 200, AW_END);

/* Write records to the queue */
	auditwrite(AW_EVENT, "AUE_second_signature",
		AW_TEXT, "First record in queue",
		AW_WRITE, AW_END);

	auditwrite(AW_EVENT, "AUE_second_signature_verify",
		AW_TEXT, "Second record in queue",
		AW_WRITE, AW_END);

/* Flush the queue manually */
	auditwrite(AW_FLUSH, AW_END);

/* Add another record */
	auditwrite(AW_EVENT, "AUE_second_signature",
		AW_TEXT, "Third record in queue",
		AW_WRITE, AW_END);

/* End queueing and flush */
	auditwrite(AW_NOQUEUE, AW_END);

The viewing terminal shows the following audit records:


header,204,3,second signature requested,,Mon Sep 09 10:26:28 1996,
 + 150 msec
text,First record in queue
subject,zelda,zelda,staff,zelda,staff,6098,5879,0 0 phoenix
slabel,C
return,success,0

header,204,4,second signature added,,Mon Sep 09 10:26:28 1996,
 + 152 msec
text,Second record in queue
subject,zelda,zelda,staff,zelda,staff,6098,5879,0 0 phoenix
slabel,C
return,success,0

header,204,5,second signature requested,,Mon Sep 09 10:26:28 1996,
 + 155 msec
text,Third record in queue
subject,zelda,zelda,staff,zelda,staff,6098,5879,0 0 phoenix
slabel,C
return,success,0
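
The flush rules described above (byte limit, AW_FLUSH, AW_NOQUEUE) can be checked with a small model. This is an added example, not code from the guide, and it does not call auditwrite(3TSOL). The struct, the function names and the 60-byte record sizes are constructed for illustration and are not taken from the records shown above. The model assumes the limit counts the total bytes of queued records.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed model of the queue rules; it does not call auditwrite(3TSOL). */
struct audit_queue {
    int    enabled;       /* 1 after AW_QUEUE, 0 after AW_NOQUEUE */
    size_t limit;         /* byte threshold passed with AW_QUEUE */
    size_t bytes, count;  /* complete records currently queued */
    size_t trail_writes;  /* write operations issued to the modelled trail */
};

/* AW_FLUSH: every queued record goes out whole, in one write operation. */
size_t queue_flush(struct audit_queue *q)
{
    size_t flushed = q->count;
    q->trail_writes += (flushed > 0);
    q->bytes = q->count = 0;
    return flushed;
}

/* AW_NOQUEUE: turning the queue off flushes whatever it still holds. */
size_t queue_off(struct audit_queue *q)
{
    q->enabled = 0;
    return queue_flush(q);
}

/* AW_WRITE: returns how many records this call sent to the trail. */
size_t record_write(struct audit_queue *q, size_t record_len)
{
    if (!q->enabled) {            /* no queue: record is written at once */
        q->trail_writes++;
        return 1;
    }
    q->bytes += record_len;
    q->count++;
    /* Limit reached: flush whole records, including bytes over the limit. */
    return q->bytes >= q->limit ? queue_flush(q) : 0;
}

int main(void)
{
    struct audit_queue q = { .enabled = 1, .limit = 200 };  /* AW_QUEUE, 200 */
    record_write(&q, 60);         /* constructed record sizes */
    record_write(&q, 60);
    printf("AW_FLUSH wrote %zu records\n", queue_flush(&q));
    record_write(&q, 60);
    printf("AW_NOQUEUE wrote %zu records\n", queue_off(&q));
    return 0;
}
```

With the same call order as the example above, the model issues two trail writes for three records: one at the manual flush and one when queueing is turned off.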