|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library|
Non-global zones can be audited exactly as the global zone is audited, or non-global zones can set their own flags, storage, and audit policy.
When all zones are being audited identically, the audit_class and audit_event files in the global zone provide the class-event mappings for auditing in every zone. The +zonename policy option is useful for post-selecting records by zone name.
Zones can also be audited individually. When the policy option, perzone, is set in the global zone, each non-global zone runs its own audit service, handles its own audit queue, and specifies the content and location of its audit records. A non-global zone can also set most audit policy options. It cannot set policy that affects the entire system, so a non-global zone cannot set the ahlt or perzone policy. For further discussion, see Auditing on a System With Oracle Solaris Zones and How to Plan Auditing in Zones.