Go to main content

Managing Auditing in Oracle® Solaris 11.3

Exit Print View

Updated: December 2018
 
 

Audit Remote Server

The Audit Remote Server (ARS) receives audit records over a secure link from audited systems and stores the records.

    The reception relies on the following being configured:

  • A Kerberos realm with specific audit principals and a GSS-API mechanism

  • The ARS with at least one configured and active connection group

  • At least one audited system in the connection group and a configured and active audit_remote plugin

A connection group is specified in the group property of the ARS. For file management, group can limit the size of an audit file and specify the minimum free space. The primary reason to specify different connection groups is to specify different storage locations on the ARS, as shown in Example 27, Streaming Audit Records to Different File Locations on the Same ARS.

For more information about the ARS, see the ars(5) man page. For ARS configuration information, see the –setremote options in the auditconfig(1M) man page.

To configure the audited systems, see the audit_remote(5) man page and the –setplugin option in the auditconfig(1M) man page.