System Administration Guide: Security Services

ProcedureHow to Audit Logins From Other OSes

The Solaris OS can audit all logins, independent of source.

  1. Audit the lo class for attributable and for non-attributable events.

    This class audits logins, logouts, and screen locks.

    ## audit_control file

    Note –

    To audit ssh logins, your Solaris system must be running the Solaris ssh daemon. This daemon is modified for Solaris auditing. For more information, see Solaris Secure Shell and the OpenSSH Project.