The AW_EXEC_ARGS token lets you place the command line arguments stored in argv in the audit record.
main(argc, argv) int argc; char **argv; { /* Application code */ /* ... */ auditwrite(AW_EVENT, "AUE_second_signature", AW_EXEC_ARGS, argv AW_WRITE, AW_END); }
The viewing terminal shows this record when the program is executed as follows: program Hello World!:
header,120,3,second signature requested,,Fri Mar 21 09:31:01 1997, +989 msec exec_args,3, program,Hello World! subject,zelda,zelda,staff,zelda,staff,420,286,0 0 phoenix slabel,C return,success,0 |