Non-global zones can be audited exactly as the global zone is audited, or non-global zones can set their own flags, storage, and audit policy.
When all zones are being audited identically through the global zone, the audit_class and audit_event files provide the class-event mappings for auditing in the global zone and in every non-global zone. The –zonename policy option is useful for post-selecting records by zone name.
Zones can also be audited individually. When the policy option, perzone, is set in the global zone, each non-global zone runs its own audit service, handles its own audit queue, and specifies the content and location of its audit records. A non-global zone can also set most audit policy options. It cannot set policy that affects the entire system, so a non-global zone cannot set the ahlt or perzone policy. For further discussion, see Auditing on a System With Oracle Solaris Zones and Planning Auditing in Zones.
To learn about zones, see Introduction to Oracle Solaris Zones.