The arg token contains information about the arguments to a system call: the argument number of the system call, the argument value, and an optional description. This token lets an audit record carry a 32-bit integer system-call argument. The arg token has five fields:
A token ID that identifies this token as an arg token
An argument ID that tells which system call argument the token refers to
The argument value
The length of the descriptive text string
The text string
The praudit command displays the arg token as follows:
argument,1,0x00000000,addr
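The five fields above can be decoded from a raw audit record as in the following added example, which is not part of the original documentation. The field widths, the big-endian byte order, and the token ID value 0x2D are assumptions (this page does not state them), and the sample bytes are constructed.

```python
import struct

# Assumed layout (not stated on this page): big-endian, 1-byte token ID,
# 1-byte argument ID, 4-byte value, 2-byte text length, then the text.
AUT_ARG32 = 0x2D          # assumed token ID for the 32-bit arg token
_HEADER = struct.Struct(">BBIH")


class ArgTokenError(ValueError):
    """Raised when a buffer does not hold a well-formed arg token."""


def parse_arg_token(buf, offset=0):
    """Return (fields, next_offset) for the arg token starting at offset."""
    if len(buf) - offset < _HEADER.size:
        raise ArgTokenError("truncated arg token header")
    token_id, arg_id, value, text_len = _HEADER.unpack_from(buf, offset)
    if token_id != AUT_ARG32:
        raise ArgTokenError("not an arg token: id 0x%02x" % token_id)
    start = offset + _HEADER.size
    end = start + text_len
    # The length field comes from the record itself; never read past the buffer.
    if end > len(buf):
        raise ArgTokenError("text length %d exceeds remaining data" % text_len)
    # Drop the trailing NUL if the writer counted it in the length.
    text = buf[start:end].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {"arg_id": arg_id, "value": value, "text": text}, end


def render(fields):
    """Format parsed fields in the style of the praudit sample line."""
    return "argument,%d,0x%08x,%s" % (
        fields["arg_id"], fields["value"], fields["text"])


# Constructed sample: argument 1, value 0, description "addr" plus NUL.
SAMPLE = bytes([AUT_ARG32, 1]) + struct.pack(">IH", 0, 5) + b"addr\x00"

if __name__ == "__main__":
    parsed, next_offset = parse_arg_token(SAMPLE)
    print(render(parsed))
```

The returned offset lets a caller continue with the next token in the same record, and the length check rejects a record whose text length field claims more bytes than remain.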
The following figure shows the format of the arg token.