The AW_ARG token lets you write argument information to an audit record. This example writes the return value for the signature_request() function, which is really the first and only parameter to the return() call inside the function. The argument number follows the AW_ARG token, which is followed by descriptive text and the argument value.
retval = signature_request(); auditwrite(AW_EVENT, "AUE_second_signature", AW_ARG, 1, "Signature request return value", retval);
The viewing terminal shows this record where the return value is written as 0xffffffff:
header,137,3,second signature requested,,Fri Mar 21 08:51:19 1997,+ 329 msec argument,1,0xffffffff,Signature request return value subject,zelda,zelda,staff,zelda,staff,420,286,0 0 phoenix slabel,C return,success,0 |