Managing Auditing in Oracle® Solaris 11.3
Updated: April 2019
Index
Numbers and Symbols
+ (plus sign) in audit class prefixes
Audit Class Syntax
How to Configure syslog Audit Logs
- (minus sign)
audit class prefix
Audit Class Syntax
[] (square brackets)
auditrecord output
Audit Record Analysis
^ (caret)
audit class prefix modifier
Audit Class Syntax
in audit class prefixes
How to Configure a User's Audit Characteristics
A
acl audit token
format
acl Token
active audit policy
temporary audit policy
How to Change Audit Policy
adding
audit classes
How to Add an Audit Class
How to Add an Audit Class
audit file systems
How to Create ZFS File Systems for Audit Files
audit policy
How to Change Audit Policy
auditing
of individual users
Volume of Audit Records Is Large
How to Configure a User's Audit Characteristics
of zones
Concepts in Planning Auditing
plugins
auditing
How to Configure syslog Audit Logs
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
temporary audit policy
Setting a Temporary Audit Policy
administering auditing
audit -s command
Example: Configuring Oracle Solaris Auditing
Enabling and Disabling the Audit Service
audit -t command
Enabling and Disabling the Audit Service
audit classes
Audit Classes and Preselection
audit events
Audit Events
audit files
Viewing the Contents of Binary Audit Files
audit records
Audit Records and Audit Tokens
audit trail overflow prevention
Preventing Audit Trail Overflow
audit_remote plugin
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
audit_syslog plugin
How to Configure syslog Audit Logs
auditconfig command
How to Preselect Audit Classes
Configuring the Audit Service
auditreduce command
How to Merge Audit Files From the Audit Trail
configuring
Configuring the Audit Service
cost control
Controlling Auditing Costs
description
Flow of Auditing
disabling
Enabling and Disabling the Audit Service
efficiency
Auditing Efficiently
enabling
Enabling and Disabling the Audit Service
in zones
Auditing and Oracle Solaris Zones
Configuring the Audit Service in Zones
Planning Auditing in Zones
Auditing on a System With Oracle Solaris Zones
plugins
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
policy
How to Change Audit Policy
praudit command
Viewing the Contents of Binary Audit Files
queue controls
How to Change Audit Queue Controls
reducing space requirements
Cost of Storage of Audit Data
refreshing
Example: Configuring Oracle Solaris Auditing
reports
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
rights profiles required
Rights Profiles for Administering Auditing
ahlt audit policy
description
Effects of Audit Policy Options
setting
Setting the ahlt Audit Policy Option
with cnt policy
Audit Policies for Asynchronous and Synchronous Events
all audit class
caution for using
Audit Classes
always-audit classes
process preselection mask
Process Audit Characteristics
archiving
audit files
Preventing Audit Trail Overflow
arge audit policy
and exec_env token
exec_env Token
description
Effects of Audit Policy Options
setting
How to Audit All Commands by Users
argument audit token
format
argument Token
argv audit policy
and exec_args token
exec_args Token
description
Effects of Audit Policy Options
setting
How to Audit All Commands by Users
ARS
See audit remote server
asynchronous audit events
Audit Policies for Asynchronous and Synchronous Events
attribute audit token
attribute Token
audit -s command
Example: Configuring Oracle Solaris Auditing
Example: Configuring Oracle Solaris Auditing
Enabling and Disabling the Audit Service
audit -t command
Enabling and Disabling the Audit Service
audit characteristics
audit user ID
Process Audit Characteristics
processes
Process Audit Characteristics
session ID
Process Audit Characteristics
terminal ID
Process Audit Characteristics
user process preselection mask
Process Audit Characteristics
audit classes
adding
How to Add an Audit Class
configuration
Audit Classes
cusa
Collecting Audit Records for External Auditors
description
Audit Events
Audit Terminology and Concepts
displaying defaults
Displaying Audit Service Defaults
exceptions to system-wide settings
Audit Classes and Preselection
mapping events
Audit Classes and Preselection
modifying default
How to Add an Audit Class
overview
Audit Classes and Preselection
post-selection
Audit Terminology and Concepts
prefixes
Audit Class Syntax
preselecting
effect on public objects
Audit Terminology and Concepts
for failure
Specifying Audit Classes for syslog Output
How to Configure syslog Audit Logs
Modifying Audit Preselection Exception for One User
for success
Specifying Audit Classes for syslog Output
How to Configure syslog Audit Logs
Modifying Audit Preselection Exception for One User
for success and failure
How to Preselect Audit Classes
preselection
Audit Terminology and Concepts
process preselection mask
Process Audit Characteristics
replacing
How to Preselect Audit Classes
syntax
Audit Class Syntax
user exceptions
How to Configure a User's Audit Characteristics
Audit Configuration rights profile
Rights Profiles for Administering Auditing
configuring audit policy
How to Change Audit Policy
displaying auditing defaults
Displaying Audit Service Defaults
preselecting audit classes
How to Preselect Audit Classes
Audit Control rights profile
Rights Profiles for Administering Auditing
disabling audit service
Enabling and Disabling the Audit Service
enabling audit service
Enabling and Disabling the Audit Service
refreshing audit service
Example: Configuring Oracle Solaris Auditing
audit directory
creating file systems for
How to Create ZFS File Systems for Audit Files
audit event-to-class mappings
changing
How to Change an Audit Event's Class Membership
audit events
asynchronous
Audit Policies for Asynchronous and Synchronous Events
audit_event file and
Audit Events
changing class membership
How to Change an Audit Event's Class Membership
description
Audit Events
mapping to classes
Audit Classes and Preselection
removing from audit_event file
How to Prevent the Auditing of Specific Events
selecting from audit trail
Selecting Audit Events to Be Displayed
selecting from audit trail in zones
Auditing and Oracle Solaris Zones
summary
Audit Terminology and Concepts
synchronous
Audit Policies for Asynchronous and Synchronous Events
viewing from binary files
Viewing the Contents of Binary Audit Files
audit file system
description
Audit Terminology and Concepts
audit files
combining
How to Merge Audit Files From the Audit Trail
compressing on disk
How to Compress Audit Files on a Dedicated File System
copying messages to single file
Merging Selected Records to a Single File
creating summary files
Merging Selected Records to a Single File
Copying One User's Audit Records to a Summary File
Combining and Reducing Audit Files
effects of Coordinated Universal Time (UTC)
How to Merge Audit Files From the Audit Trail
limiting size of
Binary Audit File Sizes Grow Without Limit
managing
Preventing Audit Trail Overflow
printing
Printing the Entire Audit Trail
reading with praudit
Viewing the Contents of Binary Audit Files
reducing size of
How to Merge Audit Files From the Audit Trail
reducing space requirements
Cost of Storage of Audit Data
reducing storage-space requirements
Auditing Efficiently
setting aside disk space for
How to Create ZFS File Systems for Audit Files
time stamps
Conventions for Binary Audit File Names
ZFS file systems
How to Create ZFS File Systems for Audit Files
How to Compress Audit Files on a Dedicated File System
audit flags
summary of
Audit Terminology and Concepts
audit logs
See Also audit files
comparing binary and text summaries
Audit Logs
configuring
Configuring Local Audit Logs
configuring text summary audit logs
How to Configure syslog Audit Logs
modes
Audit Logs
audit plugins
audit_binfile plugin
How to Assign Audit Space for the Audit Trail
How to Change Audit Queue Controls
audit_remote plugin
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
audit_syslog plugin
How to Configure syslog Audit Logs
description
Audit Terminology and Concepts
qsize attribute
How to Change Audit Queue Controls
summary of
Audit Plugins
Audit Service Man Pages
audit policy
audit tokens from
Audit Policy
defaults
Understanding Audit Policy
description
Audit Terminology and Concepts
displaying defaults
Displaying Audit Service Defaults
effects of
Understanding Audit Policy
public
Effects of Audit Policy Options
setting
How to Change Audit Policy
setting ahlt
Setting the ahlt Audit Policy Option
setting arge
How to Audit All Commands by Users
setting argv
How to Audit All Commands by Users
setting in global zone
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
setting perzone
Setting the perzone Audit Policy
that does not affect tokens
Audit Policy
tokens added by
Audit Policy
audit preselection mask
modifying for existing users
How to Update the Preselection Mask of Logged In Users
modifying for individual users
How to Configure a User's Audit Characteristics
audit queue
events included
Audit Classes and Preselection
audit queue controls
displaying defaults
Displaying Audit Service Defaults
getting
How to Change Audit Queue Controls
audit records
/var/adm/auditlog file
How to Configure syslog Audit Logs
converting to readable format
Viewing a Specific Audit File
copying to single file
Merging Selected Records to a Single File
description
Audit Terminology and Concepts
displaying
Viewing the Contents of Binary Audit Files
displaying definitions of
procedure
Displaying Audit Record Definitions
displaying formats of a program
Displaying the Audit Record Definitions of a Program
displaying formats of an audit class
Displaying the Audit Record Definitions of an Audit Class
displaying in XML format
Putting Audit Records in XML Format
event modifiers
header Token
events that generate
How Does Auditing Work?
format
Audit Record Structure
formatting example
Displaying Audit Record Definitions
merging
How to Merge Audit Files From the Audit Trail
overview
Audit Records and Audit Tokens
policies that add tokens to
Audit Policy
reducing audit file size
How to Merge Audit Files From the Audit Trail
sequence of tokens
Audit Record Structure
audit remote server
managing
Managing a Remote Repository
overview
Audit Remote Server
summary of
Audit Remote Server
Audit Review rights profile
Rights Profiles for Administering Auditing
audit service
See Also auditing
audit trail creation
Audit Trail
configuring policy
How to Change Audit Policy
configuring queue controls
How to Change Audit Queue Controls
defaults
Audit Service
disabling
Enabling and Disabling the Audit Service
enabling
Enabling and Disabling the Audit Service
policy
Understanding Audit Policy
refreshing the kernel
Example: Configuring Oracle Solaris Auditing
troubleshooting
Audit Records Are Not Being Logged
audit session ID
Process Audit Characteristics
overview
What Is Auditing?
audit tokens
See Also individual audit token names
added by audit policy
Audit Policy
audit record format
Audit Record Structure
description
Audit Records and Audit Tokens
Audit Terminology and Concepts
format
Audit Token Formats
list of
Audit Token Formats
xclient token
xclient Token
audit trail
adding disk space
How to Assign Audit Space for the Audit Trail
analysis costs
Cost of Analysis of Audit Data
cleaning up not_terminated files
How to Clean Up a not_terminated Audit File
creating summary files
Copying One User's Audit Records to a Summary File
Combining and Reducing Audit Files
description
Audit Terminology and Concepts
effect of audit policy
Understanding Audit Policy
monitoring in real time
Auditing Efficiently
overview
Flow of Auditing
preventing overflow
Preventing Audit Trail Overflow
reducing size of
Volume of Audit Records Is Large
How to Compress Audit Files on a Dedicated File System
selecting events from
Selecting Audit Events to Be Displayed
sending files to remote repository
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
viewing events from
Viewing the Contents of Binary Audit Files
viewing events from different zones
Auditing and Oracle Solaris Zones
audit user ID
mechanism
Process Audit Characteristics
overview
What Is Auditing?
audit.notice entry
syslog.conf file
How to Configure syslog Audit Logs
audit command
disabling audit service
Enabling and Disabling the Audit Service
options
Audit Service Man Pages
refreshing audit service
Example: Configuring Oracle Solaris Auditing
audit_binfile plugin
Audit Plugin Modules
getting attributes
Removing Queue Size for an Audit Plugin
Specifying Several Changes to an Audit Plugin
Limiting File Size for the audit_binfile Plugin
limiting audit file size
Limiting File Size for the audit_binfile Plugin
removing queue size
Removing Queue Size for an Audit Plugin
setting attributes
How to Assign Audit Space for the Audit Trail
setting free space warning
Setting a Soft Limit for Warnings
specifying time for log rotation
Specifying Time for Log Rotation
audit_class file
adding a class
How to Add an Audit Class
troubleshooting
Creating a New Audit Class
audit_event file
changing class membership
How to Change an Audit Event's Class Membership
description
Audit Events
removing events safely
How to Prevent the Auditing of Specific Events
audit_flags keyword
How to Configure a User's Audit Characteristics
specifying user exceptions to audit preselection
How to Configure a User's Audit Characteristics
use
Audit Class Syntax
using caret (^) prefix
Modifying Audit Preselection Exception for One User
audit_remote plugin
Audit Plugin Modules
configuring
How to Configure a Remote Repository for Audit Files
getting attributes
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
setting attributes
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
troubleshooting audit queue overfull
Tuning the Audit Queue Buffer Size
audit_syslog plugin
Audit Plugin Modules
setting attributes
How to Configure syslog Audit Logs
audit_warn script
configuring
How to Configure the audit_warn Email Alias
description
Audit Service Man Pages
auditconfig command
adding audit file systems
How to Assign Audit Space for the Audit Trail
audit classes as arguments
Audit Classes and Preselection
configuring policy
How to Change Audit Policy
configuring queue controls
How to Change Audit Queue Controls
description
Audit Service Man Pages
displaying audit defaults
Displaying Audit Service Defaults
–getplugin option
How to Configure syslog Audit Logs
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
policy options
How to Change Audit Policy
preselecting audit classes
How to Preselect Audit Classes
queue control options
How to Change Audit Queue Controls
sending files to remote repository
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
–setflags option
How to Preselect Audit Classes
–setnaflags option
How to Preselect Audit Classes
–setplugin option
How to Configure syslog Audit Logs
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
setting active audit policy
Setting a Temporary Audit Policy
setting audit policy
How to Audit All Commands by Users
setting audit policy temporarily
Setting a Temporary Audit Policy
setting audit_binfile attributes
How to Assign Audit Space for the Audit Trail
setting audit_remote attributes
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
setting system-wide audit parameters
Audit Classes and Preselection
viewing default audit preselection
How to Preselect Audit Classes
auditd daemon
refreshing audit service
Example: Configuring Oracle Solaris Auditing
auditing
adding audit flags to a group of users
Creating a Rights Profile for a Group of Users
all commands by users
How to Audit All Commands by Users
analysis
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
Audit Remote Server (ARS)
Managing a Remote Repository
auditors' perspective
Best Practices for Auditing Core System Files
configuring
all zones
Configuring the Audit Service
global zone
Setting the ahlt Audit Policy Option
identically for all zones
How to Configure All Zones Identically for Auditing
per zone
How to Configure Per-Zone Auditing
configuring in global zone
Implementing One Audit Service for All Zones
crontab editing failure
crontab File Editing Fails With Audit Context Error
crontab files
crontab File Editing Fails With Audit Context Error
customizing
Customizing What Is Audited
default configuration
Default Configuration of the Audit Service
defaults
Audit Service
determining if running
Audit Records Are Not Being Logged
disabling
Enabling and Disabling the Audit Service
enabling
Enabling and Disabling the Audit Service
finding changes to specific files
How to Find Audit Records of Changes to Specific Files
getting queue controls
How to Change Audit Queue Controls
local definition
Audit Terminology and Concepts
logins
Logins From Other Operating Systems Not Being Audited
man page summaries
Audit Service Man Pages
planning
Concepts in Planning Auditing
planning in zones
Planning Auditing in Zones
plugin modules
Audit Plugin Modules
plugin to Oracle Audit Vault and Database Firewall
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
post-selection definition
Audit Terminology and Concepts
preselection definition
Audit Terminology and Concepts
remote definition
Audit Terminology and Concepts
removing user-specific audit flags
Removing a User's Audit Flags
reports
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
rights profiles for
Rights Profiles for Administering Auditing
setting queue controls
How to Change Audit Queue Controls
sftp file transfers
How to Audit FTP and SFTP File Transfers
troubleshooting
Troubleshooting the Audit Service
troubleshooting praudit command
Processing praudit Output With a Script
updating information
Example: Configuring Oracle Solaris Auditing
Example: Configuring Oracle Solaris Auditing
users only
Auditing Selected Users, No System-Wide Auditing
zones and
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
auditlog file
text audit records
How to Configure syslog Audit Logs
auditrecord command
[] (square brackets) in output
Audit Record Analysis
description
Audit Service Man Pages
displaying audit record definitions
Displaying Audit Record Definitions
example
Displaying Audit Record Definitions
listing all formats
Displaying Audit Record Definitions
listing formats of class
Displaying the Audit Record Definitions of an Audit Class
listing formats of program
Displaying the Audit Record Definitions of a Program
optional tokens ([])
Audit Record Analysis
auditreduce command
–A option
Copying Audit Files to a Summary File
–b option
Combining and Reducing Audit Files
–c option
Merging Selected Records to a Single File
Merging Selected Records to a Single File
–C option
Copying Audit Files to a Summary File
cleaning up audit files
How to Clean Up a not_terminated Audit File
–d option
Merging Selected Records to a Single File
–D option
Copying Audit Files to a Summary File
description
Audit Service Man Pages
–e option
Copying One User's Audit Records to a Summary File
examples
How to Merge Audit Files From the Audit Trail
filtering options
Selecting Audit Events to Be Displayed
merging audit records
How to Merge Audit Files From the Audit Trail
–O option
Copying Audit Files to a Summary File
How to Merge Audit Files From the Audit Trail
Copying One User's Audit Records to a Summary File
selecting audit records
Selecting Audit Events to Be Displayed
time stamp use
How to Merge Audit Files From the Audit Trail
trailer tokens, and
trailer Token
using lowercase options
Selecting Audit Events to Be Displayed
using uppercase options
How to Merge Audit Files From the Audit Trail
auditstat command
description
Audit Service Man Pages
B
–b option
auditreduce command
Combining and Reducing Audit Files
binary and remote records
About Binary Records
C
caret (^)
in audit class prefixes
How to Configure a User's Audit Characteristics
using prefix in audit_flags value
Modifying Audit Preselection Exception for One User
changing
audit_class file
How to Add an Audit Class
audit_event file
How to Change an Audit Event's Class Membership
auditing defaults
How to Preselect Audit Classes
classes
See audit classes
cleaning up
binary audit files
How to Clean Up a not_terminated Audit File
cmd audit token
cmd Token
cnt audit policy
description
Effects of Audit Policy Options
with ahlt policy
Audit Policies for Asynchronous and Synchronous Events
combining audit files
auditreduce command
How to Merge Audit Files From the Audit Trail
from different zones
Auditing and Oracle Solaris Zones
compressing
audit files on disk
How to Compress Audit Files on a Dedicated File System
configuration decisions
auditing
file storage
Planning Disk Space for Audit Records
policy
Understanding Audit Policy
remote file storage
Preparing to Stream Audit Records to Remote Storage
who and what to audit
How to Plan Who and What to Audit
zones
Planning Auditing in Zones
configuration files
auditing
Audit Service Man Pages
configured audit policy
permanent audit policy
How to Change Audit Policy
configuring
active audit policy
Setting a Temporary Audit Policy
ahlt audit policy
Setting the ahlt Audit Policy Option
audit classes
How to Preselect Audit Classes
audit logs task map
Configuring Audit Logs
audit policy
How to Change Audit Policy
audit policy temporarily
Setting a Temporary Audit Policy
audit queue controls
How to Change Audit Queue Controls
audit service policy
How to Change Audit Policy
audit trail overflow prevention
Preventing Audit Trail Overflow
audit_class file
How to Add an Audit Class
audit_event file
How to Change an Audit Event's Class Membership
audit_warn script
How to Configure the audit_warn Email Alias
auditing
Configuring the Audit Service
auditing in zones
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
auditing reports
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
auditing task map
Configuring the Audit Service
identical auditing for non-global zones
How to Configure All Zones Identically for Auditing
per-zone auditing
How to Configure Per-Zone Auditing
permanent audit policy
How to Change Audit Policy
perzone audit policy
Setting the perzone Audit Policy
space for audit trail
How to Assign Audit Space for the Audit Trail
temporary audit policy
How to Change Audit Policy
text summaries of audit records
How to Configure syslog Audit Logs
converting
audit records to readable format
Viewing a Specific Audit File
Coordinated Universal Time (UTC)
time stamp use in auditing
Conventions for Binary Audit File Names
How to Merge Audit Files From the Audit Trail
copying audit records to single file
Merging Selected Records to a Single File
core files
auditing changes to
Best Practices for Auditing Core System Files
cost control
and auditing
Controlling Auditing Costs
creating
audit trail
Audit Trail
rights profile for a group of users
Creating a Rights Profile for a Group of Users
storage for binary audit files
How to Create ZFS File Systems for Audit Files
cusa audit class
Collecting Audit Records for External Auditors
D
debugging sequence number
sequence Token
defaults
audit service
Audit Service
deleting
archived audit files
Preventing Audit Trail Overflow
audit files
How to Merge Audit Files From the Audit Trail
not_terminated audit files
How to Clean Up a not_terminated Audit File
determining
audit ID of a user
How to Update the Preselection Mask of Logged In Users
whether auditing is running
Audit Records Are Not Being Logged
disabling
audit policy
How to Change Audit Policy
audit service
Enabling and Disabling the Audit Service
disk space requirements
audit files
How to Create ZFS File Systems for Audit Files
Cost of Storage of Audit Data
displaying
audit policies
How to Change Audit Policy
audit policy defaults
Displaying Audit Service Defaults
audit queue controls
How to Change Audit Queue Controls
Displaying Audit Service Defaults
audit record definitions
Displaying Audit Record Definitions
audit records
Viewing the Contents of Binary Audit Files
audit records in XML format
Putting Audit Records in XML Format
auditing defaults
Displaying Audit Service Defaults
definition of audit records
Displaying Audit Record Definitions
exceptions to system-wide auditing
Displaying Audit Service Defaults
selected audit records
How to Merge Audit Files From the Audit Trail
E
/etc/security/audit_event file
audit events and
Audit Events
/etc/syslog.conf file
auditing and
Audit Service Man Pages
How to Configure syslog Audit Logs
efficiency
auditing and
Auditing Efficiently
enabling
audit service
Enabling and Disabling the Audit Service
environment variables
audit token for
exec_env Token
presence in audit records
Audit Tokens for Auditing
Effects of Audit Policy Options
event
description
Audit Events
event modifiers
audit records
header Token
exec_args audit token
argv policy and
exec_args Token
format
exec_args Token
exec_env audit token
format
exec_env Token
F
failure and success events
audit class prefix
Audit Class Syntax
fe audit event modifier
header Token
file transfers
auditing
How to Audit FTP and SFTP File Transfers
file vnode audit token
attribute Token
file audit token
format
file Token
files
See Also audit files
audit_class
Audit Service Man Pages
audit_event
Audit Service Man Pages
auditing modifications to
How to Find Audit Records of Changes to Specific Files
public objects
Audit Terminology and Concepts
syslog.conf
Audit Service Man Pages
flags line
process preselection mask
Process Audit Characteristics
fmri audit token
format
fmri Token
format of audit records
auditrecord command
Displaying Audit Record Definitions
fp audit event modifier
header Token
ftp command
logging file transfers
How to Audit FTP and SFTP File Transfers
G
group audit policy
and group token
group Token
Effects of Audit Policy Options
description
Effects of Audit Policy Options
group audit token
format
group Token
group policy, and
group Token
H
hard disk
space requirements for auditing
Cost of Storage of Audit Data
header audit token
event modifiers
header Token
format
header Token
order in audit record
header Token
I
IDs
audit
mechanism
Process Audit Characteristics
overview
What Is Auditing?
audit session
Process Audit Characteristics
Internet-related audit tokens
ip address token
ip address Token
ip port token
ip port Token
socket token
socket Token
ip address audit token
format
ip address Token
ip port audit token
format
ip port Token
IPC type field values (ipc token)
ipc Token
ipc audit token
ipc Token
IPC_perm audit token
format
IPC_perm Token
L
limiting
audit file size
Binary Audit File Sizes Grow Without Limit
local auditing
Audit Terminology and Concepts
log files
/var/adm/messages
Troubleshooting the Audit Service
/var/log/syslog
Troubleshooting the Audit Service
audit records
Viewing a Specific Audit File
Audit Logs
configuring for audit service
How to Configure syslog Audit Logs
syslog
audit records
Audit Service Man Pages
logadm
command
archiving text summary audit files
Preventing Audit Trail Overflow
logging
ftp
file transfers
How to Audit FTP and SFTP File Transfers
logging in
auditing logins
Logins From Other Operating Systems Not Being Audited
M
man pages
audit service
Audit Service Man Pages
managing
audit files
Preventing Audit Trail Overflow
How to Merge Audit Files From the Audit Trail
audit records task map
Managing Audit Records on Local Systems
audit trail overflow
Preventing Audit Trail Overflow
auditing in zones
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
mappings
events to classes (auditing)
Audit Classes and Preselection
mask (auditing)
description of process preselection
Process Audit Characteristics
merging
binary audit records
How to Merge Audit Files From the Audit Trail
minus sign (-)
audit class prefix
Audit Class Syntax
modifying
user security attributes
How to Configure a User's Audit Characteristics
monitoring
audit trail in real time
Auditing Efficiently
N
na
audit event modifier
header Token
naming conventions
audit files
Conventions for Binary Audit File Names
never-audit
classes
process preselection mask
Process Audit Characteristics
O
Oracle Audit Vault and Database Firewall
plugging in auditing
Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records
overflow prevention
audit trail
Preventing Audit Trail Overflow
P
path
audit policy
description
Effects of Audit Policy Options
path
audit token
format
path Token
path_attr
audit token
path_attr Token
permanent audit policy
configured audit policy
How to Change Audit Policy
perzone
audit policy
description
Effects of Audit Policy Options
setting
Setting the perzone Audit Policy
using
Auditing and Oracle Solaris Zones
How to Configure Per-Zone Auditing
Implementing One Audit Service Per Zone
when to use
Auditing on a System With Oracle Solaris Zones
planning
auditing
Concepts in Planning Auditing
auditing in zones
Planning Auditing in Zones
plugins
auditing
Audit Plugin Modules
plus sign (+) in audit class prefixes
How to Configure syslog Audit Logs
plus sign (+) in audit class prefixes
Audit Class Syntax
policies
for auditing
Understanding Audit Policy
that add tokens to audit records
Audit Policy
post-selection in auditing
Audit Terminology and Concepts
praudit
command
converting audit records to readable format
Viewing a Specific Audit File
description
Audit Service Man Pages
piping
auditreduce
output to
Printing the Entire Audit Trail
using in a script
Processing praudit Output With a Script
viewing audit records
Viewing the Contents of Binary Audit Files
XML format
Putting Audit Records in XML Format
prefixes for audit classes
Audit Class Syntax
preselecting
audit classes
How to Preselect Audit Classes
preselection in auditing
Audit Terminology and Concepts
preselection mask (auditing)
description
Process Audit Characteristics
preventing audit trail overflow
Preventing Audit Trail Overflow
printing
audit log
Printing the Entire Audit Trail
privilege
audit token
privilege Token
process audit characteristics
audit session ID
Process Audit Characteristics
audit user ID
Process Audit Characteristics
process preselection mask
Process Audit Characteristics
terminal ID
Process Audit Characteristics
process preselection mask
description
Process Audit Characteristics
process
audit token
format
process Token
processing time costs of audit service
Cost of Increased Processing Time of Audit Data
public directories
auditing
Audit Terminology and Concepts
public objects
auditing
Audit Terminology and Concepts
public
audit policy
description
Effects of Audit Policy Options
read-only events
Effects of Audit Policy Options
Q
qsize
attribute
audit plugins
How to Change Audit Queue Controls
R
rd
audit event modifier
header Token
readable audit record format
converting audit records to
Viewing a Specific Audit File
reducing
audit file size
How to Merge Audit Files From the Audit Trail
disk space required for audit files
How to Compress Audit Files on a Dedicated File System
storage-space requirements for audit files
Auditing Efficiently
refreshing audit service
Example: Configuring Oracle Solaris Auditing
remote auditing
Audit Terminology and Concepts
removing
audit events from
audit_event
file
How to Prevent the Auditing of Specific Events
user-specific auditing
Removing a User's Audit Flags
replacing preselected audit classes
How to Preselect Audit Classes
return
audit token
format
return Token
rights
audit profiles
Rights Profiles for Administering Auditing
rights profiles
audit service and
Rights Profiles for Administering Auditing
root
role
crontab
auditing error message
crontab File Editing Fails With Audit Context Error
S
scripts
audit_warn
script
Audit Service Man Pages
How to Configure the audit_warn Email Alias
monitoring audit files example
Auditing Efficiently
processing
praudit
output
Processing praudit Output With a Script
security
auditing and
How Is Auditing Related to Security?
About Auditing in Oracle Solaris
selecting
audit classes
How to Preselect Audit Classes
audit records
Selecting Audit Events to Be Displayed
events from audit trail
Selecting Audit Events to Be Displayed
seq
audit policy
and
sequence
token
sequence Token
Effects of Audit Policy Options
description
Effects of Audit Policy Options
sequence
audit token
and
seq
audit policy
sequence Token
format
sequence Token
session ID
audit
Process Audit Characteristics
-setplugin
option
auditconfig
command
How to Configure syslog Audit Logs
How to Configure a Remote Repository for Audit Files
How to Send Audit Files to a Remote Repository
setting
arge
policy
How to Audit All Commands by Users
argv
policy
How to Audit All Commands by Users
audit policy
How to Change Audit Policy
audit queue controls
How to Change Audit Queue Controls
sftp
command
auditing file transfers
How to Audit FTP and SFTP File Transfers
size of audit files
reducing
How to Merge Audit Files From the Audit Trail
reducing storage-space requirements
Auditing Efficiently
SMF
auditd
service
Audit Service
socket
audit token
socket Token
sp
audit event modifier
header Token
square brackets ([])
auditrecord
output
Audit Record Analysis
starting auditing
Enabling and Disabling the Audit Service
storage costs and auditing
Cost of Storage of Audit Data
storage overflow prevention
audit trail
Preventing Audit Trail Overflow
storing
audit files
How to Create ZFS File Systems for Audit Files
Planning Disk Space for Audit Records
audit files remotely
Preparing to Stream Audit Records to Remote Storage
subject
audit token
format
subject Token
success and failure events
audit class prefix
Audit Class Syntax
svcadm
command
restarting
How to Configure syslog Audit Logs
syslog.conf
file
and auditing
Audit Service Man Pages
audit.notice
level
How to Configure syslog Audit Logs
syslog
records
About syslog Audit Records
system calls
argument
audit token
argument Token
exec_args
audit token
exec_args Token
exec_env
audit token
exec_env Token
return
audit token
return Token
System V IPC
ipc
audit token
ipc Token
IPC_perm
audit token
IPC_perm Token
T
tail
command
example of use
Auditing Efficiently
task maps
configuring audit logs
Configuring Audit Logs
configuring auditing
Configuring the Audit Service
managing audit records
Managing Audit Records on Local Systems
planning auditing
Concepts in Planning Auditing
TCP addresses
ip port Token
temporary audit policy
active audit policy
How to Change Audit Policy
setting
Setting a Temporary Audit Policy
terminal ID
audit
Process Audit Characteristics
text
audit token
format
text Token
time stamps
audit files
Conventions for Binary Audit File Names
trail
audit policy
and
trailer
token
Effects of Audit Policy Options
description
Effects of Audit Policy Options
trailer
audit token
format
trailer Token
order in audit record
trailer Token
praudit
display
trailer Token
troubleshooting
active plugin
No Audit Plugin Active
audit classes
customized
No Assigned Events to Audit Class
Creating a New Audit Class
auditing
Troubleshooting the Audit Service
praudit
command
Processing praudit Output With a Script
too many audit records in queue
Tuning the Audit Queue Buffer Size
U
UDP
addresses
ip port Token
using for remote audit logs
Audit Logs
use of authorization
audit token
use of authorization Token
use of privilege
audit token
use of privilege Token
user ID
audit ID and
Process Audit Characteristics
user ID and audit ID
What Is Auditing?
User Security rights profile
modifying audit preselection for users
How to Configure a User's Audit Characteristics
user
audit token
user Token
user_attr
database
listing user exceptions to audit preselection
How to Configure a User's Audit Characteristics
user_attr
file
exceptions to system-wide audit classes
Audit Classes and Preselection
userattr
command
displaying exceptions to system-wide auditing
Displaying Audit Service Defaults
usermod
command
audit_flags
keyword
How to Configure a User's Audit Characteristics
exceptions to system-wide auditing
Audit Classes and Preselection
specifying user exceptions to audit preselection
How to Configure a User's Audit Characteristics
using caret (^) prefix for audit_flags exception
Modifying Audit Preselection Exception for One User
users
auditing all commands
How to Audit All Commands by Users
auditing individual users
Auditing Selected Users, No System-Wide Auditing
creating rights profile for a group
Creating a Rights Profile for a Group of Users
modifying audit preselection mask of
How to Configure a User's Audit Characteristics
removing audit flags
Removing a User's Audit Flags
V
/var/adm/auditlog
file
text audit records
How to Configure syslog Audit Logs
/var/adm/messages
file
troubleshooting auditing
Troubleshooting the Audit Service
/var/log/syslog
file
troubleshooting auditing
Troubleshooting the Audit Service
variables
adding to audit record
exec_env Token
Effects of Audit Policy Options
auditing those associated with a command
cmd Token
viewing
audit record definitions
Displaying Audit Record Definitions
binary audit files
Viewing the Contents of Binary Audit Files
XML audit records
Putting Audit Records in XML Format
vnode
audit token
format
attribute Token
W
wr
audit event modifier
header Token
X
xclient
audit token
xclient Token
XML format
audit records
Putting Audit Records in XML Format
Z
ZFS File System Management rights profile
creating audit file systems
How to Create ZFS File Systems for Audit Files
ZFS file systems
creating for binary audit files
How to Create ZFS File Systems for Audit Files
ZFS Storage Management rights profile
creating pools for audit files
How to Create ZFS File Systems for Audit Files
zonename
audit policy
description
Effects of Audit Policy Options
using
Auditing and Oracle Solaris Zones
Implementing One Audit Service Per Zone
zonename
audit token
zonename Token
zones
auditing and
Auditing and Oracle Solaris Zones
Auditing on a System With Oracle Solaris Zones
configuring auditing in global zone
Setting the ahlt Audit Policy Option
perzone
audit policy
Auditing and Oracle Solaris Zones
Implementing One Audit Service Per Zone
Auditing on a System With Oracle Solaris Zones
planning auditing in
Planning Auditing in Zones
zonename
audit policy
Auditing and Oracle Solaris Zones
Implementing One Audit Service Per Zone