11842 Want audit events for auditon(A_SETPMASK) and friends
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>


 442     comment=3, "setqctrl&colon;aq_bufsz", queue control param.:
 443     comment=3, "setqctrl&colon;aq_delay", queue control param.
 444   syscall=auditon: SQCTRL
 445 #       header,176,2,auditon(2) - SQCTRL command,,Mon May 15 09:19:23 2000, + 610001124 msec
 446 #       argument,3,0x64,setqctrl:aq_hiwater
 447 #       argument,3,0xa,setqctrl:aq_lowater
 448 #       argument,3,0x400,setqctrl:aq_bufsz
 449 #       argument,3,0x14,setqctrl:aq_delay
 450 #       subject,tuser10,root,other,root,other,3861,367,255 197121 tmach1
 451 #       return,success,0
 452 #       trailer,176
 453 #       header,176,2,auditon(2) - SQCTRL command,,Mon May 15 09:19:35 2000, + 720003197 msec
 454 #       argument,3,0x64,setqctrl:aq_hiwater
 455 #       argument,3,0xa,setqctrl:aq_lowater
 456 #       argument,3,0x400,setqctrl:aq_bufsz
 457 #       argument,3,0x14,setqctrl:aq_delay
 458 #       subject,tuser10,tuser10,other,root,other,3969,367,255 197121 tmach1
 459 #       return,failure: Not owner,-1
 460 #       trailer,176
 461 






























 462 label=AUE_AUDITON_STERMID
 463   skip=Not used.
 464 
 465 label=AUE_AUDITSTAT
 466   skip=Not used.
 467 
 468 label=AUE_AUDITSVC
 469   skip=Not used.
 470 
 471 label=AUE_AUDITSYS
 472   skip=Not used. (Place holder for various auditing events.)
 473 
 474 label=AUE_BIND
 475 # differs from documented version.
 476 # cases "no vnode" not fully confirmed
 477 # family and type need argument number
 478   case=Invalid socket handle
 479     format=arg1
 480       comment=1, file descriptor, "so"
 481   case=If there is no vnode for this file descriptor




 442     comment=3, "setqctrl&colon;aq_bufsz", queue control param.:
 443     comment=3, "setqctrl&colon;aq_delay", queue control param.
 444   syscall=auditon: SQCTRL
 445 #       header,176,2,auditon(2) - SQCTRL command,,Mon May 15 09:19:23 2000, + 610001124 msec
 446 #       argument,3,0x64,setqctrl:aq_hiwater
 447 #       argument,3,0xa,setqctrl:aq_lowater
 448 #       argument,3,0x400,setqctrl:aq_bufsz
 449 #       argument,3,0x14,setqctrl:aq_delay
 450 #       subject,tuser10,root,other,root,other,3861,367,255 197121 tmach1
 451 #       return,success,0
 452 #       trailer,176
 453 #       header,176,2,auditon(2) - SQCTRL command,,Mon May 15 09:19:35 2000, + 720003197 msec
 454 #       argument,3,0x64,setqctrl:aq_hiwater
 455 #       argument,3,0xa,setqctrl:aq_lowater
 456 #       argument,3,0x400,setqctrl:aq_bufsz
 457 #       argument,3,0x14,setqctrl:aq_delay
 458 #       subject,tuser10,tuser10,other,root,other,3969,367,255 197121 tmach1
 459 #       return,failure: Not owner,-1
 460 #       trailer,176
 461 
 462 label=AUE_AUDITON_SETPMASK
 463   format=[arg]1:[arg]2
 464     comment=3, "setpmask&colon;pid", process
 465     comment=3, "setpmask&colon;as_success", audit ID mask:
 466     comment=3, "setpmask&colon;as_failure", audit ID mask
 467   syscall=auditon: SETPMASK
 468 
 469 label=AUE_AUDITON_SETKAUDIT
 470   format=arg1:arg2:arg3:inaddr4:arg5:arg6:arg7
 471     comment=1, audit user ID, "auid":
 472     comment=1, terminal ID, "port":
 473     comment=1, type, "type":
 474     comment=1, terminal ID, "ip address":
 475     comment=1, preselection mask, "as_success":
 476     comment=1, preselection mask, "as_failure":
 477     comment=1, audit session ID, "asid"
 478   syscall=auditon: SETKAUDIT
 479 
 480 label=AUE_AUDITON_GETPINFO
 481   format=kernel
 482   syscall=auditon: GETPINFO
 483 
 484 label=AUE_AUDITON_GETKAUDIT
 485   format=kernel
 486   syscall=auditon: GETKAUDIT
 487 
 488 label=AUE_AUDITON_OTHER
 489   format=kernel
 490   syscall=auditon: OTHER
 491 
 492 label=AUE_AUDITON_STERMID
 493   skip=Not used.
 494 
 495 label=AUE_AUDITSTAT
 496   skip=Not used.
 497 
 498 label=AUE_AUDITSVC
 499   skip=Not used.
 500 
 501 label=AUE_AUDITSYS
 502   skip=Not used. (Place holder for various auditing events.)
 503 
 504 label=AUE_BIND
 505 # differs from documented version.
 506 # cases "no vnode" not fully confirmed
 507 # family and type need argument number
 508   case=Invalid socket handle
 509     format=arg1
 510       comment=1, file descriptor, "so"
 511   case=If there is no vnode for this file descriptor
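Review bot: In the new AUE_AUDITON_SETPMASK entry (new lines 462-467) the format lists two tokens, `[arg]1:[arg]2`, but three comments follow, and the first one (`comment=3, "setpmask&colon;pid", process`) has no trailing `:`, whereas the SQCTRL and SETKAUDIT entries end every comment except the last with one. If comments are matched to format tokens by that separator, the pid and as_success descriptions would run together and as_failure would have no token. Assuming the kernel emits three argument tokens, the fix would be `format=[arg]1:[arg]2:[arg]3` with `comment=3, "setpmask&colon;pid", process:`; otherwise cut the comments to two. Because this record is how an auditor sees whose preselection mask was changed, a sample record in `#` comments, like the SQCTRL one above it, would make the layout checkable. The AUE_BIND entry at the end of the section continues beyond the lines shown.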