System Administration Guide: Security Services Oracle Solaris 11 Express 11/10
Randomly audit only a certain percentage of users at any one time.
If the audit_binfile plugin is active, reduce the disk-storage requirements for audit files by merging, reducing, and compressing the files. Develop procedures for archiving the files, for transferring the files to removable media, and for storing the files offline.
audit_syslog plugin – You can extend management and analysis tools that you have already developed to handle the audit records in syslog files.
audit_binfile plugin – You can set up procedures to monitor the audit trail for certain activities. You can write a script to trigger an automatic increase in the auditing of certain users or certain systems in response to detection of unusual events. For example, such a script can do the following:
Monitors the creation of audit files on all the audit file servers.
Processes the audit files with the tail command.
The piping of the output from the tail -0f command through the praudit command can yield a stream of audit records as the records are generated. For more information, see the tail(1) man page.
Analyzes this stream for unusual message types or other indicators, and delivers the analysis to the auditor.
Or, the script can be used to trigger automatic responses.
Constantly monitors the audit directories for the appearance of new not_terminated audit files.
Terminates outstanding tail processes when their files are no longer being written to.
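The monitoring script outlined in the steps above could look like the following sketch, which is an added example and not code from Oracle or from this guide. The /var/audit directory, the WATCH_EVENTS list, the 30-second poll interval and the one-record-per-line praudit -l input are assumptions.

```shell
#!/bin/sh
# Added example: AUDIT_DIR, WATCH_EVENTS and the 30 s poll are assumptions.
AUDIT_DIR=${AUDIT_DIR:-/var/audit}
WATCH_EVENTS=${WATCH_EVENTS:-'su|settppriv(2)'}   # '|'-separated event names

# Print audit files still being written (start.not_terminated.host).
active_files() {
    for f in "$1"/*.not_terminated.*; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# stdin: praudit -l records. Prints one line per watched event or non-success
# return token. Simplification: assumes no token value contains a comma.
flag_records() {
    awk -F, -v watch="|$WATCH_EVENTS|" '
    $1 != "header" { next }
    {
        event = $4; user = "-"; result = ""
        for (i = 8; i < NF; i++) {
            if ($i == "subject") user = $(i + 1)      # audit user ID
            if ($i == "return")  result = $(i + 1)
        }
        if (index(watch, "|" event "|") || (result != "" && result != "success"))
            printf "%s user=%s event=%s result=%s\n", $7, user, event, result
    }'
}

# Follow one file; the tail PID goes to $2 so the loop can stop it later.
follow() {
    { tail -0f "$1" & echo $! > "$2"; wait; } | praudit -l | flag_records
}

watch_loop() {
    state=$(mktemp -d) || exit 1
    while :; do
        for f in $(active_files "$AUDIT_DIR"); do      # start new tails
            tag=$state/${f##*/}
            if [ ! -f "$tag" ]; then : > "$tag"; follow "$f" "$tag" & fi
        done
        for tag in "$state"/*; do                      # stop finished tails
            [ -f "$tag" ] && [ ! -f "$AUDIT_DIR/${tag##*/}" ] || continue
            kill "$(cat "$tag")" 2>/dev/null; rm -f "$tag"
        done
        sleep 30
    done
}

# Start monitoring only when invoked with the argument "watch".
if [ "${1:-}" = "watch" ]; then watch_loop; fi
```

The output of flag_records can be mailed to the auditor or passed to a handler that changes audit settings, which is the automatic response the steps mention.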