satwrite(2)

NAME
     satwrite, satvwrite - write a block of audit record data

C SYNOPSIS
     #include <sys/sat.h>

     int satwrite (int event, int outcome, char *buffer, unsigned nbytes)

     #include <stdarg.h>
     #include <sat.h>

     int satvwrite (int event, int outcome, char *format, ...)

DESCRIPTION
     satwrite writes nbytes bytes to the security audit trail record queue
     from the buffer pointed to by buffer.

     satvwrite is a more convenient libc interface for generating audit
     records, which are generally text strings. Format is a printf-like
     format string, followed by a variable number of arguments. See
     printf(3S) for more information on the possible formatting characters.

     Event must be equal to one of the SAT record type constants for
     administrative events, as defined in /usr/include/sys/sat.h.
     Permissible values are:

     SAT_AE_AUDIT      satwrite is called by audit subsystem utilities.

     SAT_AE_IDENTITY   satwrite is called by programs in the identification
                       and authentication subsystem.

     SAT_AE_DBEDIT     satwrite is called by the program which edits
                       administrative databases.

     SAT_AE_MOUNT      satwrite is called by the programs which mount
                       filesystems.

     SAT_AE_CUSTOM     satwrite is called by customer-written self-auditing
                       applications.

     outcome should be equal to SAT_SUCCESS or SAT_FAILURE, as defined in
     /usr/include/sys/sat.h. satwrite interprets any value other than
     SAT_FAILURE as an alternate representation of SAT_SUCCESS.

     Buffer should contain audit data in human-readable form. Although
     there are no restrictions on its content, sat_interpret(1m) always
     interprets the data as a null-terminated string.

ERRORS
     satwrite fails if these conditions are true:

     [ENOPKG]   Audit is not configured on this system.

     [EPERM]    The caller does not have CAP_AUDIT_WRITE capability.

     [EINVAL]   buffer is null, or nbytes is greater than SAT_MAX_USER_REC.

     [EDOM]     event is not one of the permitted values.

     [EFAULT]   data can't be copied from buffer into the kernel.

RETURN VALUE
     A return value of -1 indicates an error and errno is set to indicate
     the error. Otherwise 0 is returned.

SEE ALSO
     sat_echo(1m), satoff(2), saton(2), satread(2), satstate(2), printf(3S)
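
The following is an added example, not part of the original manual page: a self-auditing application writing a SAT_AE_CUSTOM record through a small wrapper that rejects truncated records, always passes exactly SAT_SUCCESS or SAT_FAILURE, and includes the terminating null in nbytes. The helper name audit_custom and the record layout are hypothetical; the #else branch holds stand-ins with constructed values (not those in sys/sat.h) so that the code also builds on a system without the audit subsystem.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifdef __sgi
#include <sys/sat.h>
#else
/* Off-IRIX stand-ins so the example builds anywhere. The numeric values are
 * constructed for this example and are NOT the ones in <sys/sat.h>. */
#define SAT_FAILURE 0
#define SAT_SUCCESS 1
#define SAT_AE_CUSTOM 100
#define SAT_MAX_USER_REC 256
static char last_rec[SAT_MAX_USER_REC]; /* what the stub "queued" */
static int last_outcome = -1;

/* Stub that mirrors only the EINVAL and EDOM checks documented above. */
static int satwrite(int event, int outcome, char *buffer, unsigned nbytes)
{
    if (buffer == NULL || nbytes > SAT_MAX_USER_REC) { errno = EINVAL; return -1; }
    if (event != SAT_AE_CUSTOM) { errno = EDOM; return -1; }
    memcpy(last_rec, buffer, nbytes);
    last_outcome = outcome;
    return 0;
}
#endif

/* Hypothetical helper: queue one SAT_AE_CUSTOM record; 0 on success, -1 and errno on error. */
int audit_custom(int succeeded, const char *user, const char *action)
{
    char rec[SAT_MAX_USER_REC];
    int n = snprintf(rec, sizeof rec, "user=%s action=%s", user, action);
    /* Pass exactly one of the two documented outcomes: any value other than
     * SAT_FAILURE is recorded as success, so never forward a raw status code. */
    int outcome = succeeded ? SAT_SUCCESS : SAT_FAILURE;

    /* Refuse to queue a truncated record rather than audit a misleading prefix. */
    if (n < 0 || (size_t)n >= sizeof rec) { errno = EINVAL; return -1; }

    /* n + 1 includes the terminating null that sat_interpret(1m) relies on. */
    return satwrite(SAT_AE_CUSTOM, outcome, rec, (unsigned)n + 1);
}

int main(void)
{
    if (audit_custom(0, "alice", "db-export") == -1)
        perror("satwrite"); /* e.g. ENOPKG or EPERM on a real system */
    return 0;
}
```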