This section covers various auditing error messages, preferences, and the auditing that is provided by other tools to help you debug audit problems.
Typically, different notices are sent to alert you of errors in the audit service. Review your email and the log files if you think that problems exist with the audit service.
Read the email sent to the audit_warn alias.
The audit_warn script sends alert messages to the audit_warn email alias. In the absence of a correctly configured alias, the messages are sent to the root account.
Review the log files for the audit service.
The output from the svcs -s auditd command lists the full path to the audit logs that the audit service produces.
Review the system log files.
The audit_warn script writes daemon.alert messages to the /var/log/syslog file.
The /var/adm/messages file might contain information.
After you locate and fix the problems, enable or restart the audit service.
# audit -s
The following sections describe possible problem cases and the steps to resolve them.