#include <sys/types.h> #include <audit.h>int auditdmp(struct arec *arecp, int size);
In general, the P_AUDITWR privilege is intended for user applications that need to append records to the audit log; such programs can append only records of type ADT_MISC [see audit(5)] to the log. The P_AUDIT privilege is intended to be used only by trusted system commands and shell scripts, and allows the calling process to append any type of user-level event record to the audit buffer.
The arecp argument points to a structure of type arec that contains the following elements:
typedef struct arec { int rtype; /* audit record event type */ int rstatus; /* audit record event status */ int rsize; /* audit records size of argp */ char *argp; /* audit record data */ } arec_t
The rtype element of the arec structure specifies the event type of the audit record. If the rtype argument is one of those specified on audit(5), and if its corresponding bit is set in the process emask [see auditevt(2)] for the invoking process, the system generates an audit record. The rstatus element of the arec structure is the status of the user-level event: zero for success, non-zero for failure. The rsize element of the arec structure specifies the size of memory required to record the data to be written. The argp element of the arec structure is a character pointer to the audit data.
The size argument is used to verify the size of the arec structure being passed to determine the version of auditing.