audit_dpms_api.3 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

audit_dpms_api(3) audit_dpms_api(3)

/etc/audit/audit.conf

or /etc/audit/audit_site.conf.h

ﬁle.

AUDIT_DPMS_FILTER_SYNTAX_ERROR

There are syntax errors in the given ﬁlter ﬁle.

AUDIT_DPMS_FILTER_GET_TIME_ERROR

Failed in time related function calls.

EXAMPLES

The following example program reads raw audit data and writes it to a ﬁle in portable format. This pro-

gram assumes that a ﬁlter ﬁle called

audit_filters.txt

resides in the current directory. The for-

mat of a ﬁlter ﬁle is described in audit_dpms_ﬁlter (4). For example, to select all events, create an empty

ﬁle called

audit_filters.txt

. Or, to select only the

syscall=open events, create

audit_filters.txt

with the following two lines:

[filter]

include syscall=open

The program is as follows:

#include <stdlib.h>

#include <audit_dpms.h>

#include <audit_dpms_api.h>

int

main(int argc, char **argv)

{

audit_dpms_handle_t *dpmh1, *dpmh2;

audit_dpms_event_origin_t origin;

audit_dpms_event_header_t header;

audit_dpms_event_subject_t subject;

audit_dpms_event_object_t object;

audit_dpms_event_details_t details;

char *buffer;

int rc;

buffer = malloc(AUDIT_DPMS_BUFFER_SIZE);

if (buffer == NULL) exit(1);

/* read raw audit data from "./rlog" using the raw DPMS module */

rc = audit_dpms_start("libaudit_hpux_raw", AUDIT_DPMS_PATH,

"rlog", "", AUDIT_DPMS_VERSION, &dpmh1);

if (rc) exit(2);

/* write portable data to "./plog" using the portable DPMS module */

rc = audit_dpms_start("libaudit_hpux_portable", AUDIT_DPMS_PATH,

"plog", "write", AUDIT_DPMS_VERSION, &dpmh2);

if (rc) exit(3);

/* open filter file to filter specific events */

rc = audit_dpms_register_filter(dpmh1, "audit_filters.txt");

if (rc) exit(4);

/* read, convert, and write all audit data */

for (;;) {

rc = audit_dpms_read_event(dpmh1, &origin, &header,

&subject, &object, &details, buffer);

if (rc == AUDIT_DPMS_EOF) break;

if (rc) exit(5);

rc = audit_dpms_write_event(dpmh2, &origin, &header,

&subject, &object, &details, buffer);

if (rc) exit(6);

}

if (rc != AUDIT_DPMS_EOF) exit(7);

4 Hewlett-Packard Company − 4 − HP-UX 11i Version 3: September 2010