Managing Auditing in Oracle® Solaris 11.2
Index A
Updated: July 2014
A
–a option
auditrecord command
Displaying Audit Record Definitions
–A option
auditreduce command
Copying Audit Files to a Summary File
acl audit token
format
acl Token
active audit policy
temporary audit policy
How to Change Audit Policy
adding
audit classes
How to Add an Audit Class
How to Add an Audit Class
audit file systems
How to Create ZFS File Systems for Audit Files
audit policy
How to Change Audit Policy
auditing
of individual users
Volume of Audit Records Is Large
How to Configure a User's Audit Characteristics
of zones
Concepts in Planning Auditing
plugins
auditing
How to Configure syslog Audit Logs
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
temporary audit policy
Setting a Temporary Audit Policy
administering auditing
audit -s command
Example: Configuring Oracle Solaris Auditing
Enabling and Disabling the Audit Service
audit -t command
Enabling and Disabling the Audit Service
audit classes
Audit Classes and Preselection
audit events
Audit Events
audit files
Viewing the Contents of Binary Audit Files
audit records
Audit Records and Audit Tokens
audit trail overflow prevention
Preventing Audit Trail Overflow
audit_remote plugin
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
audit_syslog plugin
How to Configure syslog Audit Logs
auditconfig command
How to Preselect Audit Classes
Configuring the Audit Service
auditreduce command
How to Merge Audit Files From the Audit Trail
configuring
Configuring the Audit Service
cost control
Controlling Auditing Costs
description
Flow of Auditing
disabling
Enabling and Disabling the Audit Service
efficiency
Auditing Efficiently
enabling
Enabling and Disabling the Audit Service
in zones
Auditing and Oracle Solaris Zones
Configuring the Audit Service in Zones
Planning Auditing in Zones
Auditing on a System With Oracle Solaris Zones
plugins
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
policy
How to Change Audit Policy
praudit command
Viewing the Contents of Binary Audit Files
queue controls
How to Change Audit Queue Controls
reducing space requirements
Cost of Storage of Audit Data
refreshing
Example: Configuring Oracle Solaris Auditing
reports
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
rights profiles required
Rights Profiles for Administering Auditing
ahlt audit policy
description
Effects of Audit Policy Options
setting
Setting the ahlt Audit Policy Option
with cnt policy
Audit Policies for Asynchronous and Synchronous Events
all audit class
caution for using
Audit Classes
always-audit classes
process preselection mask
Process Audit Characteristics
archiving
audit files
Preventing Audit Trail Overflow
arge audit policy
and exec_env token
exec_env Token
description
Effects of Audit Policy Options
setting
How to Audit All Commands by Users
argument audit token
format
argument Token
argv audit policy
and exec_args token
exec_args Token
description
Effects of Audit Policy Options
setting
How to Audit All Commands by Users
asynchronous audit events
Audit Policies for Asynchronous and Synchronous Events
Audit Policies for Asynchronous and Synchronous Events
attribute audit token
attribute Token
audit classes
description
Audit Terminology and Concepts
exceptions to system-wide settings
Audit Classes and Preselection
post-selection
Audit Terminology and Concepts
preselection
Audit Terminology and Concepts
audit plugins
description
Audit Terminology and Concepts
audit records
description
Audit Terminology and Concepts
audit trail
description
Audit Terminology and Concepts
audit events
summary
Audit Terminology and Concepts
audit events
mapping to classes
Audit Classes and Preselection
audit trail
overview
Flow of Auditing
audit -s command
Example: Configuring Oracle Solaris Auditing
Example: Configuring Oracle Solaris Auditing
Enabling and Disabling the Audit Service
audit -t command
Enabling and Disabling the Audit Service
audit characteristics
audit user ID
Process Audit Characteristics
processes
Process Audit Characteristics
session ID
Process Audit Characteristics
terminal ID
Process Audit Characteristics
user process preselection mask
Process Audit Characteristics
audit classes
adding
How to Add an Audit Class
configuration
Audit Classes
cusa
Collecting Audit Records for External Auditors
description
Audit Events
displaying defaults
Displaying Audit Service Defaults
mapping events
Audit Classes and Preselection
modifying default
How to Add an Audit Class
overview
Audit Classes and Preselection
prefixes
Audit Class Syntax
preselecting
effect on public objects
Audit Terminology and Concepts
for failure
Specifying Audit Classes for syslog Output
How to Configure syslog Audit Logs
Modifying Audit Preselection Exception for One User
for success
Specifying Audit Classes for syslog Output
How to Configure syslog Audit Logs
Modifying Audit Preselection Exception for One User
for success and failure
How to Preselect Audit Classes
process preselection mask
Process Audit Characteristics
replacing
How to Preselect Audit Classes
syntax
Audit Class Syntax
Audit Classes
user exceptions
How to Configure a User's Audit Characteristics
Audit Configuration rights profile
Rights Profiles for Administering Auditing
configuring audit policy
How to Change Audit Policy
displaying auditing defaults
Displaying Audit Service Defaults
preselecting audit classes
How to Preselect Audit Classes
Audit Control rights profile
Rights Profiles for Administering Auditing
disabling audit service
Enabling and Disabling the Audit Service
enabling audit service
Enabling and Disabling the Audit Service
refreshing audit service
Example: Configuring Oracle Solaris Auditing
audit directory
creating file systems for
How to Create ZFS File Systems for Audit Files
audit event-to-class mappings
changing
How to Change an Audit Event's Class Membership
audit events
asynchronous
Audit Policies for Asynchronous and Synchronous Events
audit_event file and
Audit Events
changing class membership
How to Change an Audit Event's Class Membership
description
Audit Events
removing from audit_event file
How to Prevent the Auditing of Specific Events
selecting from audit trail
Selecting Audit Events to Be Displayed
selecting from audit trail in zones
Auditing and Oracle Solaris Zones
synchronous
Audit Policies for Asynchronous and Synchronous Events
viewing from binary files
Viewing the Contents of Binary Audit Files
audit file system
description
Audit Terminology and Concepts
audit files
combining
How to Merge Audit Files From the Audit Trail
compressing on disk
How to Compress Audit Files on a Dedicated File System
copying messages to single file
Merging Selected Records to a Single File
creating summary files
Merging Selected Records to a Single File
Copying One User's Audit Records to a Summary File
Combining and Reducing Audit Files
effects of Coordinated Universal Time (UTC)
How to Merge Audit Files From the Audit Trail
limiting size of
Binary Audit File Sizes Grow Without Limit
managing
Preventing Audit Trail Overflow
printing
Printing the Entire Audit Trail
reading with praudit
Viewing the Contents of Binary Audit Files
reducing size of
How to Merge Audit Files From the Audit Trail
reducing space requirements
Cost of Storage of Audit Data
reducing storage-space requirements
Auditing Efficiently
setting aside disk space for
How to Create ZFS File Systems for Audit Files
time stamps
Conventions for Binary Audit File Names
ZFS file systems
How to Create ZFS File Systems for Audit Files
How to Compress Audit Files on a Dedicated File System
audit flags
summary of
Audit Terminology and Concepts
audit logs
See also audit files
comparing binary and text summaries
Audit Logs
configuring
Configuring Audit Logs
configuring text summary audit logs
How to Configure syslog Audit Logs
modes
Audit Logs
audit plugins
audit_binfile plugin
How to Assign Audit Space for the Audit Trail
How to Change Audit Queue Controls
audit_remote plugin
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
audit_syslog plugin
How to Configure syslog Audit Logs
qsize attribute
How to Change Audit Queue Controls
summary of
Audit Remote Server
Audit Plugins
Audit Service Man Pages
audit policy
audit tokens from
Audit Policy
defaults
Understanding Audit Policy
description
Audit Terminology and Concepts
displaying defaults
Displaying Audit Service Defaults
effects of
Understanding Audit Policy
public
Effects of Audit Policy Options
setting
How to Change Audit Policy
setting ahlt
Setting the ahlt Audit Policy Option
setting arge
How to Audit All Commands by Users
setting argv
How to Audit All Commands by Users
setting in global zone
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
setting perzone
Setting the perzone Audit Policy
that does not affect tokens
Audit Policy
tokens added by
Audit Policy
audit preselection mask
modifying for existing users
How to Update the Preselection Mask of Logged In Users
modifying for individual users
How to Configure a User's Audit Characteristics
audit queue
events included
Audit Classes and Preselection
audit queue controls
displaying defaults
Displaying Audit Service Defaults
getting
How to Change Audit Queue Controls
audit records
/var/adm/auditlog file
How to Configure syslog Audit Logs
converting to readable format
Viewing a Specific Audit File
copying to single file
Merging Selected Records to a Single File
displaying
Viewing the Contents of Binary Audit Files
displaying definitions of
procedure
Displaying Audit Record Definitions
displaying formats of a program
Displaying the Audit Record Definitions of a Program
displaying formats of an audit class
Displaying the Audit Record Definitions of an Audit Class
displaying in XML format
Putting Audit Records in XML Format
event modifiers
header Token
events that generate
How Does Auditing Work?
format
Audit Record Structure
formatting example
Displaying Audit Record Definitions
merging
How to Merge Audit Files From the Audit Trail
overview
Audit Records and Audit Tokens
policies that add tokens to
Audit Policy
reducing audit file size
How to Merge Audit Files From the Audit Trail
sequence of tokens
Audit Record Structure
Audit Remote Server (ARS)
managing
Managing a Remote Repository
Audit Review rights profile
Rights Profiles for Administering Auditing
audit service
See also auditing
audit trail creation
Audit Trail
configuring policy
How to Change Audit Policy
configuring queue controls
How to Change Audit Queue Controls
defaults
Audit Service
disabling
Enabling and Disabling the Audit Service
enabling
Enabling and Disabling the Audit Service
policy
Understanding Audit Policy
refreshing the kernel
Example: Configuring Oracle Solaris Auditing
troubleshooting
Audit Records Are Not Being Logged
audit session ID
Process Audit Characteristics
overview
What Is Auditing?
audit tokens
See also individual audit token names
added by audit policy
Audit Policy
audit record format
Audit Record Structure
description
Audit Records and Audit Tokens
Audit Terminology and Concepts
format
Audit Token Formats
list of
Audit Token Formats
xclient token
xclient Token
audit trail
adding disk space
How to Assign Audit Space for the Audit Trail
analysis costs
Cost of Analysis of Audit Data
cleaning up not_terminated files
How to Clean Up a not_terminated Audit File
creating summary files
Copying One User's Audit Records to a Summary File
Combining and Reducing Audit Files
effect of audit policy
Understanding Audit Policy
monitoring in real time
Auditing Efficiently
preventing overflow
Preventing Audit Trail Overflow
reducing size of
Volume of Audit Records Is Large
How to Compress Audit Files on a Dedicated File System
selecting events from
Selecting Audit Events to Be Displayed
sending files to remote repository
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
viewing events from
Viewing the Contents of Binary Audit Files
viewing events from different zones
Auditing and Oracle Solaris Zones
audit user ID
mechanism
Process Audit Characteristics
overview
What Is Auditing?
audit.notice entry
syslog.conf file
How to Configure syslog Audit Logs
audit command
disabling audit service
Enabling and Disabling the Audit Service
options
Audit Service Man Pages
refreshing audit service
Example: Configuring Oracle Solaris Auditing
audit_binfile plugin
Audit Plugin Modules
getting attributes
Removing Queue Size for an Audit Plugin
Specifying Several Changes to an Audit Plugin
Limiting File Size for the audit_binfile Plugin
limiting audit file size
Limiting File Size for the audit_binfile Plugin
removing queue size
Removing Queue Size for an Audit Plugin
setting attributes
How to Assign Audit Space for the Audit Trail
setting free space warning
Setting a Soft Limit for Warnings
specifying time for log rotation
Specifying Time for Log Rotation
audit_class file
adding a class
How to Add an Audit Class
troubleshooting
Creating a New Audit Class
audit_event file
changing class membership
How to Change an Audit Event's Class Membership
description
Audit Events
removing events safely
How to Prevent the Auditing of Specific Events
audit_flags keyword
How to Configure a User's Audit Characteristics
specifying user exceptions to audit preselection
How to Configure a User's Audit Characteristics
use
Audit Class Syntax
using caret (^) prefix
Modifying Audit Preselection Exception for One User
audit_remote plugin
Audit Plugin Modules
configuring
How to Configure a Remote Repository for Audit Files
getting attributes
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
setting attributes
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
troubleshooting audit queue overfull
Tuning the Audit Queue Buffer Size
audit_syslog plugin
Audit Plugin Modules
setting attributes
How to Configure syslog Audit Logs
audit_warn script
configuring
How to Configure the audit_warn Email Alias
description
Audit Service Man Pages
auditconfig command
audit classes as arguments
Audit Classes and Preselection
setting system-wide audit parameters
Audit Classes and Preselection
auditconfig command
adding audit file systems
How to Assign Audit Space for the Audit Trail
configuring policy
How to Change Audit Policy
configuring queue controls
How to Change Audit Queue Controls
description
Audit Service Man Pages
displaying audit defaults
Displaying Audit Service Defaults
–getplugin option
How to Configure syslog Audit Logs
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
policy options
How to Change Audit Policy
preselecting audit classes
How to Preselect Audit Classes
queue control options
How to Change Audit Queue Controls
sending files to remote repository
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
–setflags option
How to Preselect Audit Classes
–setnaflags option
How to Preselect Audit Classes
–setplugin option
How to Configure syslog Audit Logs
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
setting active audit policy
Setting a Temporary Audit Policy
setting audit policy
How to Audit All Commands by Users
setting audit policy temporarily
Setting a Temporary Audit Policy
setting audit_binfile attributes
How to Assign Audit Space for the Audit Trail
setting audit_remote attributes
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
viewing default audit preselection
How to Preselect Audit Classes
auditd daemon
refreshing audit service
Example: Configuring Oracle Solaris Auditing
auditing
adding audit flags to a group of users
Creating a Rights Profile for a Group of Users
all commands by users
How to Audit All Commands by Users
analysis
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
Audit Remote Server (ARS)
Managing a Remote Repository
changes in current release
What's New in the Audit Service in Oracle Solaris
configuring
all zones
Configuring the Audit Service
global zone
Setting the ahlt Audit Policy Option
identically for all zones
How to Configure All Zones Identically for Auditing
per zone
How to Configure Per-Zone Auditing
configuring in global zone
Implementing One Audit Service for All Zones
customizing
Customizing What Is Audited
default configuration
Default Configuration of the Audit Service
defaults
Audit Service
determining if running
Audit Records Are Not Being Logged
disabling
Enabling and Disabling the Audit Service
enabling
Enabling and Disabling the Audit Service
finding changes to specific files
How to Find Audit Records of Changes to Specific Files
getting queue controls
How to Change Audit Queue Controls
local definition
Audit Terminology and Concepts
logins
Logins From Other Operating Systems Not Being Audited
man page summaries
Audit Service Man Pages
planning
Concepts in Planning Auditing
planning in zones
Planning Auditing in Zones
Planning Auditing in Zones
plugin modules
Audit Plugin Modules
plugin to Oracle Audit Vault and Database Firewall
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
post-selection definition
Audit Terminology and Concepts
preselection definition
Audit Terminology and Concepts
remote definition
Audit Terminology and Concepts
removing user-specific audit flags
Removing a User's Audit Flags
reports
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
rights profiles for
Rights Profiles for Administering Auditing
setting queue controls
How to Change Audit Queue Controls
sftp file transfers
How to Audit FTP and SFTP File Transfers
troubleshooting
Troubleshooting the Audit Service
troubleshooting praudit command
Processing praudit Output With a Script
updating information
Example: Configuring Oracle Solaris Auditing
Example: Configuring Oracle Solaris Auditing
users only
Auditing Selected Users, No System-Wide Auditing
zones and
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
auditlog file
text audit records
How to Configure syslog Audit Logs
auditrecord command
[] (square brackets) in output
Audit Record Analysis
description
Audit Service Man Pages
displaying audit record definitions
Displaying Audit Record Definitions
example
Displaying Audit Record Definitions
listing all formats
Displaying Audit Record Definitions
listing formats of class
Displaying the Audit Record Definitions of an Audit Class
listing formats of program
Displaying the Audit Record Definitions of a Program
optional tokens ([])
Audit Record Analysis
auditreduce command
–A option
Copying Audit Files to a Summary File
–b option
Combining and Reducing Audit Files
–c option
Merging Selected Records to a Single File
Merging Selected Records to a Single File
–C option
Copying Audit Files to a Summary File
cleaning up audit files
How to Clean Up a not_terminated Audit File
–d option
Merging Selected Records to a Single File
description
Audit Service Man Pages
–e option
Copying One User's Audit Records to a Summary File
examples
How to Merge Audit Files From the Audit Trail
filtering options
Selecting Audit Events to Be Displayed
–M option
Copying Audit Files to a Summary File
merging audit records
How to Merge Audit Files From the Audit Trail
–O option
Copying Audit Files to a Summary File
How to Merge Audit Files From the Audit Trail
Copying One User's Audit Records to a Summary File
selecting audit records
Selecting Audit Events to Be Displayed
time stamp use
How to Merge Audit Files From the Audit Trail
trailer tokens, and
trailer Token
using lowercase options
Selecting Audit Events to Be Displayed
using uppercase options
How to Merge Audit Files From the Audit Trail
auditstat command
description
Audit Service Man Pages