I'm looking for a pointer on the programming model

I'm interested in learning how the audit framework is used by trusted applications. I've gone over all the audit-related man pages that I could find on a RHEL 4 system and searched/googled for a while but I can't find a clear description of the programming model/paradigm that trusted processes would follow to generate audit records. I could go through something like the login code to see what it does, but then I'd be making an assumption that it does it correctly :-). If such a description exists, could someone provide a pointer for me? Thanks, --Tad