Copyright Digital Equipment Corp. All rights reserved.

Arguments

 

efn

   OpenVMS usage:ef_number
   type:         longword (unsigned)
   access:       read only
   mechanism:    by value
   Number of the event flag to be set when the audit completes. The
   efn argument is a longword containing the number of the event
   flag; however, $AUDIT_EVENT uses only the low-order byte. If efn
   is not specified, event flag 0 is used.

   Upon request initiation, $AUDIT_EVENT clears the specified event
   flag.
 

flags

   OpenVMS usage:mask_longword
   type:         longword (unsigned)
   access:       read only
   mechanism:    by value
   Flags specifying options for the $AUDIT_EVENT system operation.
   The flags argument is a longword bit mask, where each bit
   corresponds to an option.

   Each flag option has a symbolic name. The $NSADEF macro defines
   the following symbolic names:

   Symbolic Name      Description

   NSA$M_ACL          Specifies an event generated by an Alarm ACE
                      or Audit ACE. This flag is Reserved to VSI.

   NSA$M_FLUSH        Specifies that all messages in the audit
                      server buffer be written to the audit log
                      file.

   NSA$M_INTERNAL     Specifies that the $AUDIT_EVENT call
                      originates in the context of a trusted
                      computing base (TCB) component. The auditing
                      components use this flag to indicate that
                      internal auditing failures should result in a
                      SECAUDTCB bugcheck. This flag is reserved to
                      VSI.

   NSA$M_MANDATORY    Specifies that an audit is to be performed,
                      regardless of system alarm and audit settings.

   NSA$M_NOEVTCHECK   Specifies that an audit is to be performed,
                      regardless of the system alarm or audit
                      settings. This flag is similar to the NSA$M_
                      MANDATORY bit but, unlike the NSA$M_MANDATORY
                      bit, this flag is not reflected in the NSA$W_
                      FLAGS field in the resulting audit record on
                      disk.

   NSA$M_SERVER       Indicates that the call originates in a TCB
                      server process and that the event should be
                      audited regardless of the state of a process-
                      specific, no-audit bit.

                      Trusted servers use this flag to override
                      the no-audit bit when they want to perform
                      explicit auditing on behalf of a client
                      process. This flag is Reserved to VSI.
 

itmlst

   OpenVMS usage:item_list_3
   type:         longword (unsigned)
   access:       read only
   mechanism:    by reference
   Item list specifying information to include in the audit record.
   The itmlst argument is the address of a list of item descriptors.
   The list of item descriptors is terminated by a longword of 0.

   The item list for all calls to $AUDIT_EVENT must include the
   following item codes:

   o  NSA$_EVENT_TYPE

   o  NSA$_EVENT_SUBTYPE

   o  At least one of the NSA$_ALARM_NAME item code or the NSA$_
      AUDIT_NAME item code.

   o  If the event being reported is an object access (NSA$C_MSG_
      OBJ_ACCESS) or an object delete (NSA$C_MSG_OBJ_DELETE), the
      NSA$_FINAL_STATUS, NSA$_ACCESS_DESIRED, and NSA$_OBJECT_CLASS
      item codes must be specified.

   o  If the event being reported is an object create (NSA$C_MSG_
      OBJ_CREATE), the NSA$_FINAL_STATUS and NSA$_OBJECT_CLASS item
      codes must be specified.

   o  If the event being reported is a privilege audit (NSA$C_MSG_
      PRVAUD), the NSA$_PRIVS_USED or the NSA$_PRIVS_MISSING item
      code must be specified.

   o  If the audit event being reported is a deaccess event (NSA$C_
      MSG_OBJ_DEACCESS), the NSA$_OBJECT_CLASS item code must be
      specified.

   The item list is a standard format item list.

   To view the item code diagram and descriptor fields table, see
   the VSI OpenVMS System Services Reference Manual.
 

audsts

   OpenVMS usage:cond_value_type
   type:         longword (unsigned)
   access:       write only
   mechanism:    by reference
   Longword condition value that receives the final completion
   status from the operation. If a security audit is required,
   the final completion status represents either the successful
   completion of the resulting security audit or any failing status
   that occurred while the security audit was performed within the
   audit server process.

   The audsts argument is valid only when the service returns
   success and the status is not SS$_EVTNOTENAB. In addition, the
   caller must either make use of the astadr argument or use the
   $AUDIT_EVENTW service before attempting to access audsts.
 

astadr

   OpenVMS usage:ast_procedure
   type:         procedure value
   access:       call without stack unwinding
   mechanism:    by reference
   Asynchronous system trap (AST) routine to be executed after the
   audsts is updated. The astadr argument, which is the address of a
   longword value, is the procedure value of the AST routine.

   The AST routine executes in the access mode of the caller of
   $AUDIT_EVENT.
 

astprm

   OpenVMS usage:user_arg
   type:         longword (unsigned)
   access:       read only
   mechanism:    by value
   Asynchronous system trap (AST) parameter passed to the AST
   service routine. The astprm argument is a longword value
   containing the AST parameter.