timestamp of the record and the serial number are used by the user-space daemon to determine which pieces
belong to the same audit record. The tuple is unique for each syscall and lasts from syscall entry to syscall
exit. The tuple is composed of the timestamp and the serial number.
Each audit record for system calls contain the system call return code, which indicates if the call was
successful or not. The following table lists security relevant events for which an audit record is generated on
the TOE.
144