Trusted Solaris Audit Administration

To Set User Exceptions to the Audit Flags

The security administrator at label admin_low, enters user exceptions to system-wide audit flags in the user's Audit tab.

In the the role secadmin, launch the Solaris Management Console from the Application Manager and choose the toolbox appropriate for your site.

Under the User Accounts node, select a user.

In the user's Audit tab, enter the user exceptions, write the file, and exit the editor.

Follow the online help for assistance. The following example shows the format of the audit_user file.

For example, the following audit_user entry audits the role root for logins and logouts, and never audits the fc class, even if it is being audited for the system. The jane entry audits her for all flags specified in the audit_control file except for successful file_read events. Null events, no, are never audited.
```
# User Level Audit User File
#
# File Format
#
#       username:always:never
#
root:lo:no,fc
jane:all,^+fr:no
```

© 2010, Oracle Corporation and/or its affiliates