The Logical Domains Manager uses the Solaris OS Basic Security Module (BSM) auditing capability. BSM auditing provides the means to examine the history of actions and events on your control domain to determine what happened. The history is kept in a log of what was done, when it was done, by whom, and what was affected.
To enable and disable this auditing capability, use the Solaris OS bsmconv(1M) and bsmunconv(1M) commands. This section also includes tasks that show how to verify the auditing capability, print audit output, and rotate audit logs. You can find further information about BSM auditing in the Solaris 10 System Administration Guide: Security Services.
Add vs in the flags: line of the /etc/security/audit_control file.
Run the bsmconv(1M) command.
# /etc/security/bsmconv
For more information about this command, see the bsmconv(1M) man page.
Reboot the Solaris OS for auditing to take effect.
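The flags: edit in the first step can be checked before running bsmconv. The following shell functions are an added example, not part of the original documentation: they report whether the flags: line of an audit_control-format file includes the vs class and print an updated copy for review instead of editing the file in place. The function names and the sample file contents used to exercise them are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect the flags: line of an audit_control-format file.
# Function names are hypothetical; pass /etc/security/audit_control as $1.

# Print the state of the vs class in the flags: line of file $1:
#   full    - "vs" is listed (success and failure events)
#   partial - only "+vs" (success) or "-vs" (failure) is listed
#   missing - no vs entry, or no flags: line at all
# Does not interpret the "all" class or "^" (turn off) prefixes.
vs_flag_state() {
    awk -F: '
        $1 == "flags" {
            n = split($2, cls, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", cls[i])
                if (cls[i] == "vs") full = 1
                else if (cls[i] == "+vs" || cls[i] == "-vs") part = 1
            }
        }
        END { print (full ? "full" : (part ? "partial" : "missing")) }
    ' "$1"
}

# Print file $1 to stdout with vs appended to the flags: line when it is
# missing. The input file is never modified; review the output, then install it.
add_vs_flag() {
    if [ "$(vs_flag_state "$1")" != "missing" ]; then
        cat "$1"
        return 0
    fi
    awk '
        /^flags:/ {
            sub(/[ \t]+$/, "")
            if ($0 == "flags:") print "flags:vs"
            else print $0 ",vs"
            seen = 1
            next
        }
        { print }
        END { if (!seen) print "flags:vs" }
    ' "$1"
}
```

A `partial` result means only successful or only failed vs events are audited, so the file is left unchanged for an administrator to decide.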
Type the following command.
# auditconfig -getcond
Check that audit condition = auditing appears in the output.
Run the bsmunconv command to disable BSM auditing.
# /etc/security/bsmunconv
For more information about this command, see the bsmunconv(1M) man page.
Reboot the Solaris OS for the disabling of auditing to take effect.
Use one of the following to print BSM audit output:
Use the auditreduce(1M) and praudit(1M) commands to print audit output.
# auditreduce -c vs | praudit
# auditreduce -c vs -a 20060502000000 | praudit
Use the praudit -x command to print XML output.