2 .\" Copyright (c) 2005 Robert N. M. Watson
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
14 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 .\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#5 $
35 .Nd "perform I/O involving an audit record"
41 .Fn au_fetch_tok "tokenstr_t *tok" "u_char *buf" "int len"
44 .Fa "FILE *outfp" "tokenstr_t *tok" "char *del" "char raw" "char sfrm"
47 .Fn au_read_rec "FILE *fp" "u_char **buf"
49 These interfaces support input and output (I/O) involving audit records,
50 internalizing an audit record from a byte stream, converting a token to
51 either a raw or default string, and reading a single record from a file.
56 reads a token from the passed buffer
60 bytes, and returns a pointer to the token via
66 prints a string form of the token
68 to the file output stream
70 either in default mode, or raw mode if
75 is used when printing.
80 reads an audit record from the file stream
82 and returns an allocated memory buffer containing the record via
84 which must be freed by the caller using
87 A typical use of these routines might open a file with
89 then read records from the file sequentially by calling
91 Each record would be broken down into components tokens through sequential
94 on the buffer, and then invoking
96 to print each token to an output stream such as
98 On completion of the processing of each record, a call to
100 would be used to free the record buffer.
101 Finally, the source stream would be closed by a call to
109 return 0 on success, or \-1 on failure along with additional error information
116 The OpenBSM implementation was created by McAfee Research, the security
117 division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
118 It was subsequently adopted by the TrustedBSD Project as the foundation for
119 the OpenBSM distribution.
122 This software was created by
126 .An Suresh Krishnaswamy
127 for McAfee Research, the security research division of McAfee,
128 Inc., under contract to Apple Computer, Inc.
130 The Basic Security Module (BSM) interface to audit records and audit event
131 stream format were defined by Sun Microsystems.
136 may not always be properly set in the event of an error.