By default, auditing is enabled. Therefore, by default, all events in the login/logout class are audited. To audit the users who are configuring the system, you can create roles early in the configuration process. When these roles configure the system, the audit records include the login user who assumes the role. See Creating Roles and Users in Trusted Extensions.
Planning auditing in Trusted Extensions is the same as in the Oracle Solaris OS. For details, see Managing Auditing in Oracle Solaris 11.2 . While Trusted Extensions adds classes, events, and audit tokens, the software does not change how auditing is administered. For Trusted Extensions additions to auditing, see Chapter 22, Trusted Extensions and Auditing.