The arg token contains system call argument information: the argument number of the system call, the augment value, and an optional description. This token allows a 32-bit integer system-call argument in an audit record. The arg token has five fields:
a token ID that identifies this token as an arg token
an argument ID that tells which system call argument the token refers to
the argument value
the length of the descriptive text string
the text string
The praudit command displays the arg token as follows:
argument,1,0x00000000,addr |
The following figure shows the format of the arg token.