Trusted Solaris Audit Administration

Using the sequence Token for Debugging

When an audit trail created from merging records from several workstations appears to have the records listed out of order, you can debug the audit trail discrepancies using the sequence token. Since the sequence token is not recorded by default, the security administrator adds it to the audit policy. The audit policy must be set identically on all workstations contributing to the audit trail.

When the audit trail has been debugged, the security administrator removes the token.