Updated: November 2020
Managing Auditing in Oracle® Solaris 11.4
Describes how to administer auditing on Oracle Solaris systems.
Document Information
Using This Documentation
Product Documentation Library
Feedback
1 About Auditing in Oracle Solaris
What's New in the Audit Service in Oracle Solaris 11.4
What Is Auditing?
How Does Auditing Work?
How Is Auditing Configured?
How Is Auditing Related to Security?
Auditing on a System With Oracle Solaris Zones
Audit Terminology and Concepts
Audit Events
Audit Classes and Preselection
Audit Records and Audit Tokens
Audit Plugin Modules
Audit Logs
About Binary Records
About syslog Audit Records
Storing and Managing the Audit Trail
Ensuring Reliable Time Stamps
Managing the Audit Remote Server
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
2 Planning for Auditing
Concepts in Planning Auditing
Planning an Audit Trail
Planning Auditing in Zones
Implementing One Audit Service for All Zones
Implementing One Audit Service Per Zone
Planning Auditing
How to Plan Who and What to Audit
Planning Disk Space for Audit Records
How to Plan Disk Space for Audit Records
Preparing to Stream Audit Records to Remote Storage
How to Prepare to Stream Audit Records to Remote Storage
Understanding Audit Policy
Controlling Auditing Costs
Cost of Increased Processing Time of Audit Data
Cost of Analysis of Audit Data
Cost of Storage of Audit Data
Auditing Efficiently
3 Managing the Audit Service
Default Configuration of the Audit Service
sstore Audit Meta-Class
Displaying Audit Service Defaults
Enabling and Disabling the Audit Service
Configuring the Audit Service
Configuring Audit With the auditconfig Subcommands
Auditing Per User or Rights Profile
Auditing Zones
New Feature – Auditing Events Temporarily
New Feature – Refreshing the auditset SMF Service After Changing Event-Class Mappings
New Feature – Auditing Verified Boot
New Feature – auditstat Command Extended
Audit Configuration Task Map
How to Preselect Audit Classes
How to Configure a User's Audit Characteristics
How to Change Audit Policy
How to Configure the audit_warn Email Alias
How to Add an Audit Class
How to Change an Audit Event's Class Membership
New Feature – Annotating Reason for Access in the Audit Record
Configuring Annotation
Configuring Annotation for Specific Users
Configuring Annotation for All Users
PAM Supports Annotation of Logins
Tracking Annotations in an Audit Trail
Selecting What Is Audited
How to Audit All Commands by Users
How to Audit Significant Events in Addition to Login/Logout
How to Find Audit Records of Changes to Specific Files
New Feature – Per-Object Logging of Audit Events
New Feature – Per-Privilege Logging of Audit Events
Specifying Files or Directories to Be Audited
Setting Audit ACL Entries
Viewing Per-Object Logs
How to Update the Preselection Mask of Logged In Users
How to Prevent the Auditing of Specific Events
How to Compress Audit Files on a Dedicated File System
How to Audit FTP and SFTP File Transfers
Configuring the Audit Service in Zones
How to Configure All Zones Identically for Auditing
How to Configure Per-Zone Auditing
Example: Configuring Oracle Solaris Auditing
New Feature – Restricting Access to Audit Records With File Labeling
4 Configuring the Formats of Audit Logs and Where They Are Stored
New Feature – Flexible Per-Plugin Configuration of Audit Classes
Configuring Local Audit Logs
Configuring the audit_binfile and audit_syslog Plugins
How to Create ZFS File Systems for Audit Files
Configuring Audit Space for the Audit Trail and Audit Files
How to Configure syslog for the audit_syslog Plugin
Configuring Remote Repositories for Audit Logs
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
5 Viewing Audit Records
Displaying Audit Trail Data
Displaying Audit Record Definitions
Selecting Audit Events to Be Displayed
Viewing the Contents of Binary Audit Files
Managing Audit Records on Local Systems
How to Merge Audit Files From the Audit Trail
Cleaning Up Non-Terminated Audit Files
How to Clean Up a not_terminated Audit File
Preventing Audit Trail Overflow
New Feature – Listing the Available Audit Classes
New Feature – Listing Audit Events by Audit Class
New Feature – Filtering Audit Records by Functional Area
New Feature – Reviewing Multiple Audit Events
New Feature – Viewing a Summary of Audit Records
New Feature – Displaying Auditing Data Graphically
Viewing Audit Data in the Statistics Store
Analytics' Auditing Sheet
6 Analyzing and Resolving Audit Issues
Troubleshooting the Audit Service
Audit Records Are Not Being Logged
Audit Service Not Running
No Audit Plugin Active
Audit Class Undefined
No Assigned Events to Audit Class
Volume of Audit Records Is Large
Binary Audit File Sizes Grow Without Limit
Logins From Other Operating Systems Not Being Audited
crontab File Editing Fails With Audit Context Error
Best Practices for Auditing Core System Files
7 Auditing Reference
Audit Service
Audit Service Man Pages
Rights Profiles for Administering Auditing
Auditing and Oracle Solaris Zones
Audit Configuration Files and Packaging
Audit Classes
Audit Class Syntax
Audit Plugins
Audit Remote Server
Audit Policy
Audit Policies for Asynchronous and Synchronous Events
Process Audit Characteristics
Audit Trail
Conventions for Binary Audit File Names
Audit Record Structure
Audit Record Analysis
Audit Token Formats
Audit Service Glossary
Index
Numbers and Symbols
A
B
C
D
E
F
G
H
I
K
L
M
N
O
P
R
S
T
U
V
X
Z