Gets or sets the audit state of a process.
Standard C Library (libc.a)
The auditproc subroutine queries or sets the auditing state of a process. There are two parts to the auditing state of a process:
Item | Description |
---|---|
ProcessID | The process ID of the process to be affected. If ProcessID is 0, the auditproc subroutine affects the current process. |
Command | The action to be taken. Defined in the audit.h file,
valid values include:
|
Argument | A character pointer for the audit class buffer for an AUDIT_EVENT or AUDIT_QEVENTS value of the Command parameter or an integer defining the audit status to be set for an AUDIT_STATUS operation. |
Length | Size of the audit class character buffer. |
The auditproc subroutine returns the following values upon successful completion:
If the auditproc subroutine fails if one or more of the following are true:
Item | Description |
---|---|
EINVAL | An invalid value was specified for the Command parameter. |
EINVAL | The Command parameter is set to the AUDIT_QSTATUS or AUDIT_STATUS value and the pid value is nonzero. |
EINVAl | The Command parameter is set to the AUDIT_STATUS value and the Argument parameter is not set to AUDIT_SUSPEND or AUDIT_RESUME. |
ENOSPC | The Command parameter is AUDIT_QEVENTS, and the buffer size is insufficient. In this case, the first word of the Argument parameter is set to the required size. |
EFAULT | The Command parameter is AUDIT_QEVENTS or AUDIT_EVENTS and the Argument parameter points to a location outside of the process' allocated address space. |
ENOMEM | Memory allocation failed. |
EPERM | The caller does not have root user authority. |