An audit record describes an event, such as logging in to a system or writing to a file. Oracle Solaris Auditing provides the following two auditing models on systems that are running zones:
All zones are audited identically from the global zone. This model is used when all zones are administered by the global zone, for example, to achieve service isolation through zones.
Each zone is audited independently of the global zone. This model is used when each zone is administered separately, for example, to achieve server consolidation by zone.
Auditing is described in Chapter 1, About Auditing in Oracle Solaris in Managing Auditing in Oracle Solaris 11.3. For zones considerations associated with auditing, see Auditing on a System With Oracle Solaris Zones in Managing Auditing in Oracle Solaris 11.3 and Configuring the Audit Service in Zones in Managing Auditing in Oracle Solaris 11.3. For additional information, also see the auditconfig(1M), auditreduce(1M), usermod(1M), and user_attr(4) man pages.
For additional information, see the example that follows How to Change Audit Policy in Managing Auditing in Oracle Solaris 11.3.