Managing Auditing in Oracle® Solaris 11.4

Updated: February 2019
 
 

Selecting What Is Audited

The following task map points to procedures for configuring auditing to meet your specific needs.

Table 4  Customizing Auditing Task Map

| Task | Description |
|------|-------------|
| Audit everything that a user does on the system. | Audit one or more users for every command. |
| Audit significant events. | Audit administrative commands, system access, and other significant events. |
| Change the audit events that are being recorded and have the change affect existing sessions. | Update a user's preselection mask. |
| Locate modifications to particular files in audited events. | Audit file modifications, then use the auditreduce command to find particular files. |
| Specify files or directories to be audited. | Set per-object logging for audit events. |
| Use less file system space for audit files. | Use ZFS quotas and compression. |
| Remove audit events from the audit_event file. | Correctly update the audit_event file. |