ausyscall

Display syscall number of a specific system call

$ ausyscall [search_pattern]

$ ausyscall [system_call_number]

$ ausyscall [architecture] --dump

ausyscall architecture syscall_number | syscall_name

architecture
    Specifies the architecture to use for system call name/number resolution. Examples include i386, x86_64, arm, etc.

syscall_number
    An integer representing the system call number.

syscall_name
    The name of the system call (e.g., open, read).

The ausyscall command in Linux is used to translate system call numbers to names and vice-versa, and can also be used with gdb (or other debuggers) to set breakpoints on specific system calls. Its primary function is to aid in debugging and security auditing by providing a user-friendly interface for system call identification.

By specifying a system call number, ausyscall will output the corresponding name. Conversely, providing a system call name will return its associated number. This is particularly helpful when analyzing system logs or debugging applications that make use of system calls. Furthermore, when used with a debugger, ausyscall simplifies the process of placing breakpoints on system calls by allowing you to specify the system call by name instead of requiring knowledge of the underlying system call table.

The availability of system call names/numbers depends on the architecture specified. Incorrect architecture specification will lead to incorrect results. System call tables can vary across kernel versions. Therefore the number/name provided may be different in other systems. The ausyscall tool is available on systems with the audit package.

To find the system call number for open on x86_64 architecture:
ausyscall x86_64 open

To find the system call name for number 2 on i386 architecture:
ausyscall i386 2

ausyscall is part of the Linux Audit system, which was designed to provide detailed information about security events. The Audit system itself has been under development for many years, initially to provide a security auditing solution to comply with regulatory requirements. ausyscall was created as a command-line tool to provide a simple and easy way to interact with the system call mappings, essential to audit capabilities.

auditd(8), ausearch(1), auditctl(8)