After reading in the desired audit record by using the dce_aud_next( ) function, these binary audit records must be transformed into human-readable form.
You can use any of the following three functions to transform the audit record information to human readable form:
· dce_aud_print( )
Formats the entire audit record (header and tail) into ASCII format.
· dce_aud_get_header( )
Obtains the header information of the audit record and formats it into human readable form.
· dce_aud_get_ev_info( )
Obtains the event-specific information in the tail of the audit record and formats it into human readable form.
The dce_aud_next( ) function returns the address of the audit record to these functions. These functions then allocate memory for the ASCII-format buffer (using malloc( )) and fills it with the ASCII representation of the audit record. The user must explicitly release this memory (using free( )) when all audit record retrieving and transforming tasks have been accomplished.