The Oracle Solaris OS can audit all logins independent of source. If logins are not being audited, then the lo class for both attributable and non-attributable events is probably not set, This class audits logins, logouts, and screen locks. These classes are audited by default.
In this example, the output of the first two commands shows that the lo class for attributable and non-attributable events is not set. Then, the last two commands set the lo class to enable auditing of login events.
# auditconfig -getflags active user default audit flags = as,st(0x20800,0x20800) configured user default audit flags = as,st(0x20800,0x20800) # auditconfig -getnaflags active non-attributable audit flags = na(0x400,0x400) configured non-attributable audit flags = na(0x400,0x400) # auditconfig -setflags lo,as,st user default audit flags = as,lo,st(0x21800,0x21800) # auditconfig -setnaflags lo,na non-attributable audit flags = lo,na(0x1400,0x1400)