You must configure and enable the Oracle Solaris auditing feature on your system. Oracle Solaris 11 auditing is enabled by default, but you must still perform some configuration steps.
These customizations are preserved across Oracle Solaris upgrades, but should be re-added after a fresh Oracle Solaris installation.
40700:AUE_ldoms:ldoms administration:vs
0x10000000:vs:virtualization_software
The following example /etc/security/audit_control fragment shows how you might specify the vs class:
dir:/var/audit flags:lo,vs minfree:20 naflags:lo,na
# /etc/security/bsmconv
Ensure that any audit classes that have already been selected are part of the updated set of classes. The following example shows that the lo class is already selected:
# auditconfig -getflags active user default audit flags = lo(0x1000,0x1000) configured user default audit flags = lo(0x1000,0x1000)
# auditconfig -setflags [class],vs
class is zero or more audit classes, separated by commas. You can see the list of audit classes in the /etc/security/audit_class file. Be sure to include the vs class on your Oracle VM Server for SPARC system.
For example, the following command selects both the lo and vs classes:
# auditconfig -setflags lo,vs
If you do not want to log out, see How to Update the Preselection Mask of Logged In Users in Oracle Solaris 11.1 Administration: Security Services .
# auditconfig -getcond
If the auditing software is running, audit condition = auditing appears in the output.