python
diff --git a/‎Doc/library/ctypes.rst
Lines changed: 1 addition & 1 deletion b/‎Doc/library/ctypes.rst
Lines changed: 1 addition & 1 deletion
diff --git a/‎Doc/library/ensurepip.rst
Lines changed: 2 additions & 0 deletions b/‎Doc/library/ensurepip.rst
Lines changed: 2 additions & 0 deletions
diff --git a/‎Doc/library/ftplib.rst
Lines changed: 6 additions & 0 deletions b/‎Doc/library/ftplib.rst
Lines changed: 6 additions & 0 deletions
diff --git a/‎Doc/library/functions.rst
Lines changed: 8 additions & 6 deletions b/‎Doc/library/functions.rst
Lines changed: 8 additions & 6 deletions
diff --git a/‎Doc/library/glob.rst
Lines changed: 4 additions & 0 deletions b/‎Doc/library/glob.rst
Lines changed: 4 additions & 0 deletions
diff --git a/‎Doc/library/imaplib.rst
Lines changed: 4 additions & 0 deletions b/‎Doc/library/imaplib.rst
Lines changed: 4 additions & 0 deletions
diff --git a/‎Doc/library/io.rst
Lines changed: 1 addition & 1 deletion b/‎Doc/library/io.rst
Lines changed: 1 addition & 1 deletion
diff --git a/‎Doc/library/nntplib.rst
Lines changed: 11 additions & 0 deletions b/‎Doc/library/nntplib.rst
Lines changed: 11 additions & 0 deletions
diff --git a/‎Doc/library/os.rst
Lines changed: 4 additions & 0 deletions b/‎Doc/library/os.rst
Lines changed: 4 additions & 0 deletions
diff --git a/‎Doc/library/pdb.rst
Lines changed: 2 additions & 0 deletions b/‎Doc/library/pdb.rst
Lines changed: 2 additions & 0 deletions
diff --git a/‎Doc/library/poplib.rst
Lines changed: 12 additions & 0 deletions b/‎Doc/library/poplib.rst
Lines changed: 12 additions & 0 deletions
diff --git a/‎Doc/library/shutil.rst
Lines changed: 6 additions & 0 deletions b/‎Doc/library/shutil.rst
Lines changed: 6 additions & 0 deletions
diff --git a/‎Doc/library/smtplib.rst
Lines changed: 6 additions & 0 deletions b/‎Doc/library/smtplib.rst
Lines changed: 6 additions & 0 deletions
diff --git a/‎Doc/library/sqlite3.rst
Lines changed: 2 additions & 0 deletions b/‎Doc/library/sqlite3.rst
Lines changed: 2 additions & 0 deletions
diff --git a/‎Doc/library/subprocess.rst
Lines changed: 7 additions & 0 deletions b/‎Doc/library/subprocess.rst
Lines changed: 7 additions & 0 deletions
diff --git a/‎Doc/library/telnetlib.rst
Lines changed: 4 additions & 0 deletions b/‎Doc/library/telnetlib.rst
Lines changed: 4 additions & 0 deletions
diff --git a/‎Doc/library/tempfile.rst
Lines changed: 10 additions & 0 deletions b/‎Doc/library/tempfile.rst
Lines changed: 10 additions & 0 deletions
diff --git a/‎Doc/library/urllib.request.rst
Lines changed: 1 addition & 1 deletion b/‎Doc/library/urllib.request.rst
Lines changed: 1 addition & 1 deletion
diff --git a/‎Doc/library/webbrowser.rst
Lines changed: 2 additions & 0 deletions b/‎Doc/library/webbrowser.rst
Lines changed: 2 additions & 0 deletions
diff --git a/‎Doc/tools/extensions/suspicious.py
Lines changed: 5 additions & 5 deletions b/‎Doc/tools/extensions/suspicious.py
Lines changed: 5 additions & 5 deletions
@@ -2046,7 +2046,7 @@ Data types
       .. audit-event:: ctypes.cdata address
 
          This method, and others that indirectly call this method, raises an
-         :func:`auditing event <sys.audit>` ``ctypes.cdata`` with argument
+         :ref:`auditing event <auditing>` ``ctypes.cdata`` with argument
          ``address``.
 
    .. method:: from_param(obj)
 
@@ -119,6 +119,8 @@ Module API
    *verbosity* controls the level of output to :data:`sys.stdout` from the
    bootstrapping operation.
 
+   .. audit-event:: ensurepip.bootstrap root
+
    .. note::
 
       The bootstrapping process has side effects on both ``sys.path`` and
 
@@ -190,6 +190,8 @@ followed by ``lines`` for the text version or ``binary`` for the binary version.
    *source_address* is a 2-tuple ``(host, port)`` for the socket to bind to as
    its source address before connecting.
 
+   .. audit-event:: ftplib.FTP.connect "self host port"
+
    .. versionchanged:: 3.3
       *source_address* parameter was added.
 
@@ -223,13 +225,17 @@ followed by ``lines`` for the text version or ``binary`` for the binary version.
 
    Send a simple command string to the server and return the response string.
 
+   .. audit-event:: ftplib.FTP.sendcmd "self cmd"
+
 
 .. method:: FTP.voidcmd(cmd)
 
    Send a simple command string to the server and handle the response.  Return
    nothing if a response code corresponding to success (codes in the range
    200--299) is received.  Raise :exc:`error_reply` otherwise.
 
+   .. audit-event:: ftplib.FTP.sendcmd "self cmd"
+
 
 .. method:: FTP.retrbinary(cmd, callback, blocksize=8192, rest=None)
 
 
@@ -128,6 +128,8 @@ are always available.  They are listed here in alphabetical order.
    :func:`breakpoint` will automatically call that, allowing you to drop into
    the debugger of choice.
 
+   .. audit-event:: builtins.breakpoint "sys.breakpointhook"
+
    .. versionadded:: 3.7
 
 .. _func-bytearray:
@@ -277,7 +279,7 @@ are always available.  They are listed here in alphabetical order.
 
    .. audit-event:: compile "source filename"
 
-      Raises an :func:`auditing event <sys.audit>` ``compile`` with arguments
+      Raises an :ref:`auditing event <auditing>` ``compile`` with arguments
       ``source`` and ``filename``. This event may also be raised by implicit
       compilation.
 
@@ -490,8 +492,8 @@ are always available.  They are listed here in alphabetical order.
 
    .. audit-event:: exec code_object
 
-      Raises an :func:`auditing event <sys.audit>` ``exec`` with the code object as
-      the argument. Code compilation events may also be raised.
+      Raises an :ref:`auditing event <auditing>` ``exec`` with the code object
+      as the argument. Code compilation events may also be raised.
 
 .. index:: builtin: exec
 
@@ -525,8 +527,8 @@ are always available.  They are listed here in alphabetical order.
 
    .. audit-event:: exec code_object
 
-      Raises an :func:`auditing event <sys.audit>` ``exec`` with the code object as
-      the argument. Code compilation events may also be raised.
+      Raises an :ref:`auditing event <auditing>` ``exec`` with the code object
+      as the argument. Code compilation events may also be raised.
 
    .. note::
 
@@ -779,7 +781,7 @@ are always available.  They are listed here in alphabetical order.
 
    .. audit-event:: builtins.input prompt
 
-      Raises an :func:`auditing event <sys.audit>` ``builtins.input`` with
+      Raises an :ref:`auditing event <auditing>` ``builtins.input`` with
       argument ``prompt`` before reading input
 
    .. audit-event:: builtins.input/result result
 
@@ -52,6 +52,8 @@ For example, ``'[?]'`` matches the character ``'?'``.
    more directories and subdirectories.  If the pattern is followed by an
    ``os.sep``, only directories and subdirectories match.
 
+   .. audit-event:: glob.glob "pathname recursive"
+
    .. note::
       Using the "``**``" pattern in large directory trees may consume
       an inordinate amount of time.
@@ -65,6 +67,8 @@ For example, ``'[?]'`` matches the character ``'?'``.
    Return an :term:`iterator` which yields the same values as :func:`glob`
    without actually storing them all simultaneously.
 
+   .. audit-event:: glob.glob "pathname recursive"
+
 
 .. function:: escape(pathname)
 
 
@@ -361,6 +361,8 @@ An :class:`IMAP4` instance has the following methods:
    :meth:`IMAP4.send`, and :meth:`IMAP4.shutdown` methods.  You may override
    this method.
 
+   .. audit-event:: imaplib.IMAP4.open "self host port"
+
 
 .. method:: IMAP4.partial(message_num, message_part, start, length)
 
@@ -430,6 +432,8 @@ An :class:`IMAP4` instance has the following methods:
 
    Sends ``data`` to the remote server. You may override this method.
 
+   .. audit-event:: imaplib.IMAP4.send "self data"
+
 
 .. method:: IMAP4.setacl(mailbox, who, what)
 
 
@@ -122,7 +122,7 @@ High-level Module Interface
 
    .. audit-event:: open "path mode flags"
 
-      This function raises an :func:`auditing event <sys.audit>` ``open`` with
+      This function raises an :ref:`auditing event <auditing>` ``open`` with
       arguments ``path``, ``mode`` and ``flags``. The ``mode`` and ``flags``
       arguments may have been modified or inferred from the original call.
 
 
@@ -79,6 +79,11 @@ The module itself defines the following classes:
     ('211 1755 1 1755 gmane.comp.python.committers', 1755, 1, 1755, 'gmane.comp.python.committers')
     >>>
 
+   .. audit-event:: nntplib.NNTP "self host port"
+
+   All commands will raise an :ref:`auditing event <auditing>`
+   ``nntplib.NNTP.putline`` with arguments ``self`` and ``line``,
+   where ``line`` is the bytes about to be sent to the remote host.
 
    .. versionchanged:: 3.2
       *usenetrc* is now ``False`` by default.
@@ -100,6 +105,12 @@ The module itself defines the following classes:
    STARTTLS as described below.  However, some servers only support the
    former.
 
+   .. audit-event:: nntplib.NNTP "self host port"
+
+   All commands will raise an :ref:`auditing event <auditing>`
+   ``nntplib.NNTP.putline`` with arguments ``self`` and ``line``,
+   where ``line`` is the bytes about to be sent to the remote host.
+
    .. versionadded:: 3.2
 
    .. versionchanged:: 3.4
 
@@ -1801,6 +1801,8 @@ features:
    This function can also support :ref:`specifying a file descriptor
    <path_fd>`; the file descriptor must refer to a directory.
 
+   .. audit-event:: os.listdir path
+
    .. note::
       To encode ``str`` filenames to ``bytes``, use :func:`~os.fsencode`.
 
@@ -2178,6 +2180,8 @@ features:
    This function can also support :ref:`specifying a file descriptor
    <path_fd>`; the file descriptor must refer to a directory.
 
+   .. audit-event:: os.scandir path
+
    The :func:`scandir` iterator supports the :term:`context manager` protocol
    and has the following method:
 
 
@@ -181,6 +181,8 @@ access further features, you have to do this yourself:
 
       import pdb; pdb.Pdb(skip=['django.*']).set_trace()
 
+   .. audit-event:: pdb.Pdb
+
    .. versionadded:: 3.1
       The *skip* argument.
 
 
@@ -39,6 +39,12 @@ The :mod:`poplib` module provides two classes:
    connection attempt (if not specified, the global default timeout setting will
    be used).
 
+   .. audit-event:: poplib.POP3 "self host port"
+
+   All commands will raise an :ref:`auditing event <auditing>`
+   ``poplib.POP3.putline`` with arguments ``self`` and ``line``,
+   where ``line`` is the bytes about to be sent to the remote host.
+
 
 .. class:: POP3_SSL(host, port=POP3_SSL_PORT, keyfile=None, certfile=None, timeout=None, context=None)
 
@@ -54,6 +60,12 @@ The :mod:`poplib` module provides two classes:
    point to PEM-formatted private key and certificate chain files,
    respectively, for the SSL connection.
 
+   .. audit-event:: poplib.POP3 "self host port"
+
+   All commands will raise an :ref:`auditing event <auditing>`
+   ``poplib.POP3.putline`` with arguments ``self`` and ``line``,
+   where ``line`` is the bytes about to be sent to the remote host.
+
    .. versionchanged:: 3.2
       *context* parameter added.
 
 
@@ -249,6 +249,8 @@ Directory and files operations
    as arguments. By default, :func:`~shutil.copy2` is used, but any function
    that supports the same signature (like :func:`~shutil.copy`) can be used.
 
+   .. audit-event:: shutil.copytree "src dst"
+
    .. versionchanged:: 3.3
       Copy metadata when *symlinks* is false.
       Now returns *dst*.
@@ -296,6 +298,8 @@ Directory and files operations
    *excinfo*, will be the exception information returned by
    :func:`sys.exc_info`.  Exceptions raised by *onerror* will not be caught.
 
+   .. audit-event:: shutil.rmtree path
+
    .. versionchanged:: 3.3
       Added a symlink attack resistant version that is used automatically
       if platform supports fd-based functions.
@@ -558,6 +562,8 @@ provided.  They rely on the :mod:`zipfile` and :mod:`tarfile` modules.
 
    The *verbose* argument is unused and deprecated.
 
+   .. audit-event:: shutil.make_archive "base_name format root_dir base_dir"
+
    .. versionchanged:: 3.8
       The modern pax (POSIX.1-2001) format is now used instead of
       the legacy GNU format for archives created with ``format="tar"``.
 
@@ -55,6 +55,10 @@ Protocol) and :rfc:`1869` (SMTP Service Extensions).
     (250, b'Ok')
     >>>
 
+   All commands will raise an :ref:`auditing event <auditing>`
+   ``smtplib.SMTP.send`` with arguments ``self`` and ``data``,
+   where ``data`` is the bytes about to be sent to the remote host.
+
    .. versionchanged:: 3.3
       Support for the :keyword:`with` statement was added.
 
@@ -242,6 +246,8 @@ An :class:`SMTP` instance has the following methods:
    2-tuple of the response code and message sent by the server in its
    connection response.
 
+   .. audit-event:: smtplib.SMTP.connect "self host port"
+
 
 .. method:: SMTP.helo(name='')
 
 
@@ -224,6 +224,8 @@ Module functions and constants
    More information about this feature, including a list of recognized options, can
    be found in the `SQLite URI documentation <https://www.sqlite.org/uri.html>`_.
 
+   .. audit-event:: sqlite3.connect "database"
+
    .. versionchanged:: 3.4
       Added the *uri* parameter.
 
 
@@ -585,6 +585,13 @@ functions.
       with Popen(["ifconfig"], stdout=PIPE) as proc:
           log.write(proc.stdout.read())
 
+   .. audit-event:: subprocess.Popen "executable args cwd env"
+
+      Popen and the other functions in this module that use it raise an
+      :ref:`auditing event <auditing>` ``subprocess.Popen`` with arguments
+      ``executable``, ``args``, ``cwd``, ``env``. The value for ``args``
+      may be a single string or a list of strings, depending on platform.
+
    .. versionchanged:: 3.2
       Added context manager support.
 
 
@@ -141,6 +141,8 @@ Telnet Objects
 
    Do not try to reopen an already connected instance.
 
+   .. audit-event:: telnetlib.Telnet.open "self host port"
+
 
 .. method:: Telnet.msg(msg, *args)
 
@@ -176,6 +178,8 @@ Telnet Objects
    block if the connection is blocked.  May raise :exc:`OSError` if the
    connection is closed.
 
+   .. audit-event:: telnetlib.Telnet.write "self buffer"
+
    .. versionchanged:: 3.3
       This method used to raise :exc:`socket.error`, which is now an alias
       of :exc:`OSError`.
 
@@ -62,6 +62,8 @@ The module defines the following user-callable items:
    The :py:data:`os.O_TMPFILE` flag is used if it is available and works
    (Linux-specific, requires Linux kernel 3.11 or later).
 
+   .. audit-event:: tempfile.mkstemp "full-path"
+
    .. versionchanged:: 3.5
 
       The :py:data:`os.O_TMPFILE` flag is now used if available.
@@ -85,6 +87,8 @@ The module defines the following user-callable items:
    attribute is the underlying true file object. This file-like object can
    be used in a :keyword:`with` statement, just like a normal file.
 
+   .. audit-event:: tempfile.mkstemp "full-path"
+
    .. versionchanged:: 3.8
       Added *errors* parameter.
 
@@ -130,6 +134,8 @@ The module defines the following user-callable items:
    The directory can be explicitly cleaned up by calling the
    :func:`cleanup` method.
 
+   .. audit-event:: tempfile.mkdtemp "full-path"
+
    .. versionadded:: 3.2
 
 
@@ -177,6 +183,8 @@ The module defines the following user-callable items:
    file (as would be returned by :func:`os.open`) and the absolute pathname
    of that file, in that order.
 
+   .. audit-event:: tempfile.mkstemp "full-path"
+
    .. versionchanged:: 3.5
       *suffix*, *prefix*, and *dir* may now be supplied in bytes in order to
       obtain a bytes return value.  Prior to this, only str was allowed.
@@ -198,6 +206,8 @@ The module defines the following user-callable items:
 
    :func:`mkdtemp` returns the absolute pathname of the new directory.
 
+   .. audit-event:: tempfile.mkdtemp "full-path"
+
    .. versionchanged:: 3.5
       *suffix*, *prefix*, and *dir* may now be supplied in bytes in order to
       obtain a bytes return value.  Prior to this, only str was allowed.
 
@@ -97,7 +97,7 @@ The :mod:`urllib.request` module defines the following functions:
 
    .. audit-event:: urllib.Request "fullurl data headers method"
 
-      The default opener raises an :func:`auditing event <sys.audit>`
+      The default opener raises an :ref:`auditing event <auditing>`
       ``urllib.Request`` with arguments ``fullurl``, ``data``, ``headers``,
       ``method`` taken from the request object.
 
 
@@ -64,6 +64,8 @@ The following functions are defined:
    may work and start the operating system's associated program.  However, this
    is neither supported nor portable.
 
+   .. audit-event:: webbrowser.open "url"
+
 
 .. function:: open_new(url)
 
 
@@ -115,8 +115,8 @@ def write_doc(self, docname, doctree):
     def finish(self):
         unused_rules = [rule for rule in self.rules if not rule.used]
         if unused_rules:
-            self.warn('Found %s/%s unused rules:' %
-                      (len(unused_rules), len(self.rules)))
+            self.logger.warn('Found %s/%s unused rules:' %
+                             (len(unused_rules), len(self.rules)))
                 self.logger.info(repr(rule))
         return
@@ -151,10 +151,10 @@ def report_issue(self, text, lineno, issue):
         self.any_issue = True
         self.write_log_entry(lineno, issue, text)
         if py3:
-            self.warn('[%s:%d] "%s" found in "%-.120s"' %
-                      (self.docname, lineno, issue, text))
+            self.logger.warn('[%s:%d] "%s" found in "%-.120s"' %
+                             (self.docname, lineno, issue, text))
         else:
-            self.warn('[%s:%d] "%s" found in "%-.120s"' % (
+            self.logger.warn('[%s:%d] "%s" found in "%-.120s"' % (
                 self.docname.encode(sys.getdefaultencoding(),'replace'),
                 lineno,
                 issue.encode(sys.getdefaultencoding(),'replace'),