The administration framework provides an audit trail of the Admin GUI. The audit trail is an audit log of the activities performed by multiple administration accounts. All events that modify system settings are logged in the audit trail. Sun Ray Software uses the syslog implementation.

The events are logged in the following log file:

/var/opt/SUNWut/log/messages

All audit events are prefixed with the keyword utadt:: so you can filter events from the messages file.

For example, session termination from the Admin GUI generates the following audit event:

Jun 6 18:49:51 sunrayserver usersession[17421]: [ID 521130 user.info] utadt:: username= /
{demo} hostname={sunrayserver} service={Sessions}
cmd={/opt/SUNWut/lib/utrcmd sunrayserver /opt/SUNWut/sbin/utsession -x -d 4 -t  /
Cyberflex_Access_FullCrypto.1047750b1e0e -k 2>&P1}
message={terminated User "Cyberflex_Access_FullCrypto.1047750b1e0e" with display number="4" on  /
"sunrayserver"}
status={0} return_val={0}

where: