The AUDIT privilege allows software to append audit recordsto the system security audit log file using one of four system services:$AUDIT_EVENT, $CHECK_PRIVILEGE, $CHKPRO, or $CHECK_ACCESS. In addition,the $AUDIT_EVENT system service allows all components of an auditmessage to be specified. As a result, this privilege permits thelogging of events that appear to have come from the operating systemor a user process.
Grant this privilege only to trusted images that need to appendaudit messages to the system audit log file. Users possessing thisprivilege can provoke a system failure by attempting to log invalidevents with the NSA$M_INTERNAL flag set.