.\" .\" Copyright (c) 2007 Apple Inc. All rights reserved. .\" .\" @APPLE_LICENSE_HEADER_START@ .\" .\" This file contains Original Code and/or Modifications of Original Code .\" as defined in and that are subject to the Apple Public Source License .\" Version 2.0 (the 'License'). You may not use this file except in .\" compliance with the License. Please obtain a copy of the License at .\" http://www.opensource.apple.com/apsl/ and read it before using this .\" file. .\" .\" The Original Code and all software distributed under the License are .\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER .\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, .\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, .\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. .\" Please see the License for the specific language governing rights and .\" limitations under the License. .\" .\" @APPLE_LICENSE_HEADER_END@ .\" .Dd July 30, 2007 .Dt AUDIT 2 .Os Darwin .Sh NAME .Nm audit .Nd submit a record to the kernel for auditing .Sh SYNOPSIS .Fd #include <bsm/audit.h> .Ft int .Fn audit "const void * record" "int length" .Sh DESCRIPTION The .Fn audit function submits a record to the kernel for inclusion in the global audit trail. The record must already be in BSM format. To protect the integrity of the audit trail, this system call must be made with sufficient privileges. .Fa Libbsm can be used to create and manipulate BSM data. .Fa Length is the length in bytes of the BSM record and .Fa record points to the data. .Sh RETURN VALUES Upon successful completion a value of 0 is returned. Otherwise, a value of -1 is returned and .Va errno is set to indicate the error. .Sh ERRORS .Bl -tag -width Er The .Fn audit system call will fail if: .\" =========== .It Bq Er EINVAL .Fa Length is greater than MAX_AUDIT_RECORD_SIZE, less than zero, greater than the internal buffer size, or the record fails verification. .\" =========== .It Bq Er ENOTSUP The security auditing service is not available. .\" =========== .It Bq Er EPERM The call was made with insufficient privileges to complete. .\" =========== .El .Sh SEE ALSO .Xr auditon 2 , .Xr auditctl 2 , .Xr getauid 2 , .Xr setauid 2 , .Xr getaudit 2 , .Xr setaudit 2 .Sh HISTORY The .Fn audit function call first appeared in Mac OS X 10.3 (Panther).