Although Oracle Solaris 11 auditing is enabled by default, you must configure Logical Domains Manager auditing.
These customizations are preserved across Oracle Solaris upgrades, but should be re-added after a fresh Oracle Solaris installation.
40700:AUE_ldoms:ldoms administration:vs
0x10000000:vs:virtualization_software
Ensure that any audit classes that have already been selected are part of the updated set of classes. The following example shows that the lo class is already selected:
# auditconfig -getflags
active user default audit flags = lo(0x1000,0x1000)
configured user default audit flags = lo(0x1000,0x1000)
# auditconfig -setflags [class],vs
class is zero or more audit classes, separated by commas. You can see the list of audit classes in the /etc/security/audit_class file. Be sure to include the vs class on your Oracle VM Server for SPARC system.
For example, the following command selects both the lo and vs classes:
# auditconfig -setflags lo,vs
If you do not want to log out, see How to Update the Preselection Mask of Logged In Users in Managing Auditing in Oracle Solaris 11.3.
# auditconfig -getcond
If the auditing software is running, audit condition = auditing appears in the output.
# svccfg -s ldmd setprop ldmd/audit = boolean: true
# svcadm refresh ldmd
# svcadm restart ldmd
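The following shell functions are an added example, not part of the Oracle documentation. They check that the audit_event and audit_class entries listed above are present, and build the -setflags argument so that classes already selected are kept when vs is added. The function names are hypothetical, and treating "no" or an empty list as "no class selected" is an assumption.

```shell
#!/bin/sh
# Added example (not Oracle's code): pre-flight checks for the procedure above.

# The two entries this page lists for the audit_event and audit_class files.
LDOMS_EVENT='40700:AUE_ldoms:ldoms administration:vs'
VS_CLASS='0x10000000:vs:virtualization_software'

# Succeeds only if both entries are present as whole lines.
# $1 = audit_event file, $2 = audit_class file
ldoms_entries_present() {
    grep -Fxq "$LDOMS_EVENT" "$1" && grep -Fxq "$VS_CLASS" "$2"
}

# Read `auditconfig -getflags` output on stdin and print the configured
# class list without the trailing "(0x...,0x...)" masks.
configured_flags() {
    sed -n 's/^configured user default audit flags = \(.*\)(0x[0-9a-fA-F]*,0x[0-9a-fA-F]*)$/\1/p'
}

# Print the argument for `auditconfig -setflags`: the classes already
# selected, plus vs. Assumption: "no" or an empty list means no class
# is selected yet.
flags_with_vs() {
    case "$1" in
        ''|no) echo vs; return ;;
    esac
    case ",$1," in
        *,vs,*) echo "$1" ;;      # vs already selected, keep the list as is
        *)      echo "$1,vs" ;;   # keep existing classes, append vs
    esac
}

# On the control domain (as root), the pieces combine like this:
#   ldoms_entries_present /etc/security/audit_event /etc/security/audit_class \
#       || echo "missing ldoms audit entries" >&2
#   auditconfig -setflags "$(flags_with_vs "$(auditconfig -getflags | configured_flags)")"
```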