Return Token

The Return token is AW_RETURN and takes a number (success or fail) and a return value. By default the return token indicates success and shows a return value of 0. You will want to set the return token value just before passing the token to the auditwrite(3TSOL) routine.

The return value affects whether or not the audit record is logged to the audit trail. If the process preselection mask audits the class to which the event belongs for failures only, a successful event is not logged. If the process preselection mask audits the class to which the event belongs for success only, a failed event is not logged. If the process preselection mask audits the class to which the event belongs for success and failure, successful and failed events are both logged. Also, the auditreduce(1M) post-selection program selects audit records by the success or failure value in the record's return token.

This example creates part of an audit record showing that a second signature was requested by the system. The signature_request() function attempts to obtain the signature and returns information on the success or failure of the attempt and sets the signature_request and retval parameters. The succ_or_fail parameter is set according to the value in signature_request and it and retval are passed as values for the AW_RETURN token.

char succ_or_fail;
u_int retval;

auditwrite(AW_TEXT, "Second signature needed,"
	AW_APPEND, AW_END);

if (signature_request() == -1) {
	succ_or_fail = -1;
	retval = -2;
} else {
	succ_or_fail = 0;
	retval = 1;
}

auditwrite(AW_EVENT, "AUE_second_signature",
	AW_RETURN succ_or_fail, retval,
	AW_WRITE, AW_END);

The signature was not obtained and the viewing terminal shows this record:

header,128,2,second signature requested,,Wed 
  Sep 11 10:17:37 1996, + 239 msec
text, Second signature needed
return,failure,-2
subject,zelda,zelda,staff,zelda,staff,1905,536,0 0 phoenix
slabel,C