Managing Auditing in Oracle® Solaris 11.2

Updated: July 2014

Default Configuration of the Audit Service

The audit service has a default configuration and is immediately operational on the global zone after you install Oracle Solaris 11.2. No additional action is required to enable or configure the service to become usable. With its default configuration, the audit service records the following operations:

  • Login and logout operations

  • Use of the su command

  • Screen lock and screen unlock operations

Because the service's default configuration has no performance impact on the system, disabling the service on performance grounds is not required.

Provided that you have the appropriate audit-related rights, such as those in the Audit Review Rights profile, you can review the audit logs. The logs are stored in /var/audit/hostname. You view these files by using the praudit and auditreduce commands. For more information, see Displaying Audit Trail Data.
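As an added example (not part of the Oracle documentation), the following shell filter summarizes failed events from praudit -l output, which prints one audit record per line. The auditreduce -c lo selection named in the comment, the function names, and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's code.
# Reads `praudit -l` output (one audit record per line) on stdin and prints
# "count<TAB>event<TAB>audit-user" for records whose return token is a failure.
# On Solaris the input would come from:  auditreduce -c lo | praudit -l
# Assumptions: tokens are comma-delimited, the event description is field 4 of
# the header token, and no free-text field is literally "subject" or "return".
failed_lo_events() {
    awk -F, '
    $1 == "header" {
        event = $4; user = "-"; status = ""
        for (i = 5; i <= NF; i++) {
            if ($i == "subject" && user == "-") user = $(i + 1)  # audit user ID
            if ($i == "return") status = $(i + 1)                # last return token wins
        }
        if (status ~ /^failure/) count[event "\t" user]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort -rn
}

# Constructed sample records: host, users, IDs, addresses and times are made up.
sample_records() {
    cat <<'EOF'
header,69,2,su,,host1,2014-07-01 10:10:10.020 -07:00,subject,jdoe,root,root,root,root,2839,3898089,123 0 192.0.2.10,text,root,return,failure,Authentication failed
header,69,2,su,,host1,2014-07-01 10:10:42.311 -07:00,subject,jdoe,root,root,root,root,2840,3898089,123 0 192.0.2.10,text,root,return,failure,Authentication failed
header,69,2,login - local,,host1,2014-07-01 10:12:03.100 -07:00,subject,jdoe,jdoe,staff,jdoe,staff,2901,2901,0 0 host1,return,success,0
header,69,2,login - ssh,,host1,2014-07-01 10:15:27.654 -07:00,subject,asmith,asmith,staff,asmith,staff,2950,2950,124 0 192.0.2.20,return,failure,Authentication failed
header,69,2,screenlock - unlock,,host1,2014-07-01 10:20:00.000 -07:00,subject,jdoe,jdoe,staff,jdoe,staff,2901,2901,0 0 host1,return,success,0
EOF
}

# Demonstration on the constructed records above.
sample_records | failed_lo_events
```
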

The subsequent sections in this chapter provide instructions for customizing the audit service configuration, if the default configuration is insufficient for your needs.