I’m interested in learning how the audit framework is used by trusted applications.  I’ve gone over all the audit-related man pages that I could find on a RHEL 4 system and searched/googled for a while but I can’t find a clear description of the programming model/paradigm that trusted processes would follow to generate audit records.  I could go through something like the login code to see what it does, but then I’d be making an assumption that it does it correctly :-).  If such a description exists, could someone provide a pointer for me?  Thanks,

 

--Tad