Trusted Solaris Developer's Guide

Creating Audit Records in Parallel

Audit records are built on the default record descriptor unless you obtain a record descriptor with AW_GETRD; record descriptors work much like file descriptors. This example uses the record descriptors ad1 and ad2 to build two records in parallel, writes the record at ad2 to the audit trail, and discards the record at ad1 with AW_DISCARDRD. AW_DEFAULTRD (shown in the next example) switches record creation to the default record descriptor.

int ad1, ad2;

/* Get a record descriptor and make it the one in use */
auditwrite(AW_GETRD, &ad1, AW_END);
auditwrite(AW_USERD, ad1, AW_END);

/* Append record information to the memory location at ad1 */
auditwrite(AW_EVENT, "AUE_second_signature", AW_TEXT, "ad1 one",
	AW_APPEND, AW_END);

/* Get second record descriptor; ad1 is still the one in use */
auditwrite(AW_GETRD, &ad2, AW_END);

/* Append record information to ad1 */
auditwrite(AW_PATH, "/export/home/zelda/document_4_sig_req",
	AW_APPEND, AW_END);

/* Use ad2 */
auditwrite(AW_USERD, ad2, AW_END);

/* Append and write record at ad2 */
auditwrite(AW_PATH, "/export/home/zelda/document_4_sig_ver",
	AW_APPEND, AW_END);
auditwrite(AW_EVENT, "AUE_second_signature_verify",
	AW_WRITE, AW_END);

/* Discard ad1; its record never reaches the audit trail */
auditwrite(AW_DISCARDRD, ad1, AW_END);

The viewing terminal shows the following record:


header,141,2,second signature requested,,Wed Sep 11 11:16:29 1996,
 + 150 msec
path,/export/home/zelda/document_4_sig_ver
subject,zelda,zelda,staff,zelda,staff,1983,536,0 0 phoenix
slabel,C
return,success,0
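
A trail-side check for the result above, as an added example that is not part of the guide: it parses the displayed record text, rejoins the wrapped header line, and confirms that the path appended under ad2 was written while the path appended under the discarded ad1 was not. The function names, and the assumption that every record starts with a header token line, belong to this example only; the sample text is the record shown on this page.

```python
# Record text as displayed on the page (wrapped header line included).
SAMPLE = """\
header,141,2,second signature requested,,Wed Sep 11 11:16:29 1996,
 + 150 msec
path,/export/home/zelda/document_4_sig_ver
subject,zelda,zelda,staff,zelda,staff,1983,536,0 0 phoenix
slabel,C
return,success,0
"""

def parse_records(text):
    """Return one dict per record: token name -> list of field lists."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and logical:
            logical[-1] += raw.rstrip()      # display wrap: rejoin
        else:
            logical.append(raw.strip())
    records = []
    for line in logical:
        name, _, rest = line.partition(",")
        if name == "header":                 # assumption: header opens a record
            records.append({})
        if not records:
            continue                         # stray token before any header
        # A path may itself contain commas, so keep it as one field.
        fields = [rest] if name == "path" else rest.split(",")
        records[-1].setdefault(name, []).append(fields)
    return records

def written_paths(records):
    """All path token values, in trail order."""
    return [f[0] for rec in records for f in rec.get("path", [])]

def check_trail(text, expected, discarded):
    """Report expected paths that are absent and discarded paths that appear."""
    paths = written_paths(parse_records(text))
    return {"missing": [p for p in expected if p not in paths],
            "leaked": [p for p in discarded if p in paths]}

if __name__ == "__main__":
    print(check_trail(SAMPLE,
                      expected=["/export/home/zelda/document_4_sig_ver"],
                      discarded=["/export/home/zelda/document_4_sig_req"]))
```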