This feature is new in the Solaris 9 8/03 release.
Enhancements to the audit features in this Solaris release reduce noise in the trail, and enable administrators to use XML scripting to parse the trail. These enhancements include the following:
Public files are no longer audited for read-only events. The public policy flag for the auditconfig command controls whether public files are audited. By not auditing public objects, the audit trail is greatly reduced. Attempts to read sensitive files are therefore easier to monitor.
The praudit command has an additional output format, XML. The XML format enables the output to be read in a browser, and provides source for XML scripting for reports. See the praudit(1M) man page.
The default set of audit classes has been restructured. Audit metaclasses provide support for finer-grained audit classes. See the audit_class(4) man page.
The bsmconv command no longer disables the use of the Stop-A key. The Stop-A event is now audited to maintain security.
For further information, see the System Administration Guide: Security Services.