NAME | SYNOPSIS | DESCRIPTION | FIELDS | OPTIONS | AW_DATA Format | AW_INADDR Format | AW_OPAQUE Format | AW_PATH Format | AW_RETURN Format | AW_SLABEL Format | AW_TEXT Format | ATTRIBUTES | EXAMPLES | SEE ALSO | NOTES
For a specified event, this command writes an audit record containing zero or more attributes. If no AW_RETURN attribute is specified, a successful return attribute (0,0) will be included in the audit record. Multiple -a or -f options can be specified on a single writeaudit call.
The name of the event to record in the audit record. This option must always be present. The name must be defined in audit_event file. See audit_event(4).
Add an attribute to the audit record. The type must be AW_DATA, AW_INADDR, AW_OPAQUE, AW_PATH, AW_RETURN, AW_SLABEL, or AW_TEXT. Valid formats for value are described below.
Add an attribute to the audit record. The type must be AW_DATA, AW_INADDR, AW_OPAQUE, AW_PATH, AW_RETURN, AW_SLABEL, or AW_TEXT. The value is read from the file filename. Valid formats for value are described below.
AW_DATA: printformat :itemsize :numberitems:item1: . . . itemN
The printformat field must be one of these:
Print data in binary
Print data in octal
Print data in decimal
Print data in hex
Print data as a string
The itemsize field must be one of these:
Data is in units of bytes
Data is in units of chars (1 byte)
Data is in units of shorts (2 bytes)
Data is in units of ints (4 bytes)
Data is in units of longs (4 bytes)
numberitems specifies the number of items to be printed and must be an integer in the range 1-255.
item1 through itemN specify the data fields to be printed and must be entered in hex (for example, 0xfff), octal (for example, 0777), or decimal.
AW_INADDR:hostname
hostname must be a valid hostname (for example, hamlet), or a standard IP address (for example, 129.150.117.44).
AW_OPAQUE:numberitems:item1: . . . itemN
numberitems specifies the number of items to be printed and must be an integer in the range 1-255.
item1 through itemN specify the fields to be printed and must be input in hex (for example, 0xfff), octal (for example, 0777), or decimal. Each field must not exceed 1 byte in length.
AW_PATH:path
path is a text string (for example, /usr/bin/).
AW_RETURN:status_value : return_value
status_value identifies the error status of the call and must be an integer in the range 0-255.
return_value identifies the call return value and must be an integer in the range 0-255.
AW_SLABEL:sensitivity_label
sensitivity_label must be a valid character-coded sensitivity label; for example, S AB or
0x7ffffffffffffffffffffffffffffffff\ fffffffffffffffffffffffffffffffffff |
AW_TEXT:string
string must be a text string; for example, successful change.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE |
ATTRIBUTE VALUE |
---|---|
Availability |
SUNWtsu |
For the event, write an AUE_event record containing the string successful change:
For the event, read the text string from the file eventfile and write an AUE_event record (the file eventfile might, for example, contain the string successful change):
For the event, write an AUE_event record containing the specified arbitrary data:
This command must have the proc_audit_appl
privilege in its set of effective privileges. To translate labels (for example, type AW_SLABEL) that dominate the process's sensitivity label, this command must have
the priv_sys_trans_label
privilege in its set of effective privileges.
These interfaces are uncommitted. Although they are not expected to change between minor releases of the Trusted Solaris environment, they may.
NAME | SYNOPSIS | DESCRIPTION | FIELDS | OPTIONS | AW_DATA Format | AW_INADDR Format | AW_OPAQUE Format | AW_PATH Format | AW_RETURN Format | AW_SLABEL Format | AW_TEXT Format | ATTRIBUTES | EXAMPLES | SEE ALSO | NOTES