The Oracle Solaris OS has a comprehensive auditing facility that can monitor administrative actions, command-line invocations, and even individual kernel-level system calls. This facility is highly configurable, offering global, per-zone, and even per-user auditing policies.
When the system is configured to use Oracle Solaris Zones, audit records for each zone can be stored in the global zone to protect them from tampering.
Oracle Solaris auditing provides the ability to send audit records to remote collection points using the system log (syslog) facility. Many commercial intrusion detection and prevention services can use Oracle Solaris audit records as an additional input for analysis and reporting.
Oracle VM Server for SPARC leverages the native Oracle Solaris auditing facility to record actions and events associated with virtualization events and domain administration.
For more information, refer to the Oracle Solaris security information at http://docs.oracle.com/cd/E53394_01/index.html.