Audit records are created with the default record descriptor unless record descriptors (AW_GETRD) are used (similar to file descriptors). This example uses record descriptors ad1 and ad2 to create two records in parallel, writes ad2 to the audit trail, and discards (AW_DISCARDRD) ad1. AW_DEFAULTRD (shown in the next example) switches record creation to the default record descriptor.
int ad1, ad2; /* Get and use a record descriptor */ auditwrite(AW_GETRD, &ad1, AW_END); auditwrite(AW_USERD, ad1, AW_END); /* Append record information to the memory location at ad1 */ auditwrite(AW_EVENT, "AUE_second_signature", AW_TEXT, "ad1 one", AW_APPEND, AW_END); /* Get second record descriptor */ auditwrite(AW_GETRD, &ad2, AW_END); /* Append record information to ad1 */ auditwrite(AW_PATH, "/export/home/zelda/document_4_sig_req", AW_APPEND, AW_END); /* Use ad2 */ auditwrite(AW_USERD, ad2, AW_END); /* Append and write record at ad2 */ auditwrite(AW_PATH, "/export/home/zelda/document_4_sig_ver", AW_APPEND, AW_END); auditwrite(AW_EVENT, "AUE_second_signature_verify", AW_WRITE, AW_END); /* Discard ad1 */ auditwrite(AW_DISCARDRD, ad1, AW_END);
The viewing terminal shows the following record:
header,141,2,second signature requested,,Wed Sep 11 11:16:29 1996, + 150 msec path,/export/home/zelda/document_4_sig_ver subject,zelda,zelda,staff,zelda,staff,1983,536,0 0 phoenix slabel,C return,success,0 |