table of contents
AUDIT_LOG_ACCT_MESSAGE(3) | Linux Audit API | AUDIT_LOG_ACCT_MESSAGE(3) |
NAME¶
audit_log_acct_message - log a user account message
SYNOPSIS¶
#include <libaudit.h>
int audit_log_acct_message(int audit_fd, int type, const char *pgname, const char *op, const char *name, unsigned int id, const char *host, const char *addr, const char *tty, int result)
DESCRIPTION¶
This function will log a message to the audit system using a predefined message format. It should be used for all account manipulation operations. The function parameters are as follows:
audit_fd - The fd returned by audit_open type - type of message: AUDIT_USER_CHAUTHTOK for changing any account attributes. pgname - program's name, if NULL will attempt to figure out op - operation. Ex: "adding-user", "changing-finger-info", "deleting-group". This value should have a dash or underscore between the words so that report parsers group them together. name - user's account or group name. If not available use NULL. id - uid or gid that the operation is being performed on. If the user is unknown, pass a -1 and fill in the name parameter. This is used only when user is NULL. host - The hostname if known. If not available pass a NULL. addr - The network address of the user. If not available pass a NULL. tty - The tty of the user, if NULL will attempt to figure out result - 1 is "success" and 0 is "failed"
RETURN VALUE¶
It returns the sequence number which is > 0 on success or <= 0 on error.
ERRORS¶
This function returns -1 on failure. Examine errno for more info.
SEE ALSO¶
audit_log_user_message(3), audit_log_user_comm_message(3), audit_log_user_avc_message(3), audit_log_semanage_message(3).
AUTHOR¶
Steve Grubb
Nov 2015 | Red Hat |