On a system that is configured with Trusted Extensions software, auditing is configured and is administered similarly to auditing on an Oracle Solaris system. However, the following are some differences:
Trusted Extensions software adds audit classes, audit events, audit tokens, and audit policy options to the system.
Per-zone auditing is discouraged, because it requires a root account in a labeled zone.
Two roles, System Administrator and Security Administrator, are used to configure and administer auditing in Trusted Extensions.
The security administrator plans what to audit and any site-specific, event-to-class mappings. The system administrator plans disk space requirements for the audit files, creates an audit administration server, and reviews audit logs.