Audit Subsystem Documentation

[Azrael]

Where can I find documentation regarding the underlying audit subsystem within the Linux kernel? 
Specifically, the protocol docs for NETLINK_AUDIT, so that I may query the subsystem from any sort
of language that supports NETLINK socket communication.

Does such documentation even exist?  If not, could somebody provide me with samples or a basic
idea/flow of how it all works?  I'd be willing to write it all down for public viewing if it
hasn't yet been done and if someone can get me started.

Thanks,
Azrael