Manual Reference Pages - AU_GET_STATE (3)
- audit event notification
audit notification API tracks audit state in a form permitting efficient
update, avoiding frequent system calls to check the kernel audit state.
It is implemented only for Darwin/Mac OS X.
function provides a lightweight way to check whether or not auditing is
If a client wants to use this function to determine whether an entire
series of audit calls should be made -- as in the common case of a caller
building a set of tokens, then writing them -- it should cache the audit
status in a local variable.
This function always returns the current state of auditing.
If audit notification has not already been initialized by calling
it will be automatically initialized on the first call of
function initializes audit notification.
function cancels audit notification and frees the resources associated with it.
Responsible code that no longer needs to use
should call this function.
If no error occurred the
if auditing is disabled or suspended, and
if auditing is enabled and active.
Otherwise, the function can return any of the errno values defined for
if audit does not appear to be supported by the system.
function returns 0 on success,
if audit does not appear to be supported by the system,
or one of the status codes defined in
on Mac OS X to indicate the error.
function returns 0 on success, or -1 on failure.
notify 3 (Mac OS X)
The OpenBSM implementation was created by McAfee Research, the security
division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
It was subsequently adopted by the TrustedBSD Project as the foundation for
the OpenBSM distribution.
This software was created by
.An Apple Computer, Inc .
The Basic Security Module (BSM) interface to audit records and audit event
stream format were defined by Sun Microsystems.
Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.