The administration framework provides an audit trail of the
Admin GUI. The audit trail is an audit log of the activities
performed by multiple administration accounts. All events that
modify system settings are logged in the audit trail. Sun Ray
Software uses the syslog
implementation.
The events are logged in the following log file:
/var/opt/SUNWut/log/messages
All audit events are prefixed with the keyword
utadt::
so you can filter events from the
messages
file.
For example, session termination from the Admin GUI generates the following audit event:
Jun 6 18:49:51 sunrayserver usersession[17421]: [ID 521130 user.info] utadt:: username= / {demo} hostname={sunrayserver} service={Sessions} cmd={/opt/SUNWut/lib/utrcmd sunrayserver /opt/SUNWut/sbin/utsession -x -d 4 -t / Cyberflex_Access_FullCrypto.1047750b1e0e -k 2>&1} message={terminated User "Cyberflex_Access_FullCrypto.1047750b1e0e" with display number="4" on / "sunrayserver"} status={0} return_val={0}
where:
username
= User's UNIX ID
hostname
= Host on which the command is
executed
service
= Name of the service being
executed
cmd
= Name of the command being executed
message
= Details about the action being
performed