.\"
.\" Copyright (c) 2007 Apple Inc. All rights reserved.
.\"
.\" @APPLE_LICENSE_HEADER_START@
.\" 
.\" This file contains Original Code and/or Modifications of Original Code
.\" as defined in and that are subject to the Apple Public Source License
.\" Version 2.0 (the 'License'). You may not use this file except in
.\" compliance with the License. Please obtain a copy of the License at
.\" http://www.opensource.apple.com/apsl/ and read it before using this
.\" file.
.\" 
.\" The Original Code and all software distributed under the License are
.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
.\" Please see the License for the specific language governing rights and
.\" limitations under the License.
.\" 
.\" @APPLE_LICENSE_HEADER_END@
.\"
.Dd July 30, 2007
.Dt AUDIT 2
.Os Darwin
.Sh NAME
.Nm audit
.Nd submit a record to the kernel for auditing 
.Sh SYNOPSIS
.Fd #include <bsm/audit.h>
.Ft int
.Fn audit "const void * record" "int length"
.Sh DESCRIPTION
The
.Fn audit
function submits a record to the kernel for inclusion in the global audit 
trail. The record must already be in BSM format. To protect the integrity
of the audit trail, this system call must be made with sufficient privileges.
.Fa Libbsm
can be used to create and manipulate BSM data.
.Fa Length
is the length in bytes of the BSM record and
.Fa record
points to the data.
.Sh RETURN VALUES
Upon successful completion a value of 0 is returned.
Otherwise, a value of -1 is returned and
.Va errno
is set to indicate the error.
.Sh ERRORS
.Bl -tag -width Er
The
.Fn audit
system call will fail if:
.\" ===========
.It Bq Er EINVAL
.Fa Length
is greater than MAX_AUDIT_RECORD_SIZE, less than zero, greater than the
internal buffer size, or the record fails verification.
.\" ===========
.It Bq Er ENOTSUP
The security auditing service is not available.
.\" ===========
.It Bq Er EPERM
The call was made with insufficient privileges to complete.
.\" ===========
.El
.Sh SEE ALSO
.Xr auditon 2 ,
.Xr auditctl 2 ,
.Xr getauid 2 ,
.Xr setauid 2 ,
.Xr getaudit 2 ,
.Xr setaudit 2
.Sh HISTORY
The
.Fn audit
function call first appeared in Mac OS X 10.3 (Panther).