audit_sstore - Sends Oracle Solaris audit records to sstore(7)
The audit_sstore plugin module for Oracle Solaris audit, /usr/lib/security/audit_sstore.so, sends binary audit records to sstore(7) as configured in auditconfig(8). If the svc:/system/sstore:default service is not running, then audit_sstore keeps a cache of unsent audit records. When a new audit record is generated, audit_sstore attempts to send the new record and the unsent records.
The audit_sstore plugin is loaded by auditd if the plugin is configured as active through auditconfig. Use the auditconfig –setplugin option to change all the plugin-related configuration parameters.
The p_flag attribute is used to further filter audit data being sent to the sstore daemon beyond the classes specified through the flags and naflags (see auditconfig(8)) and through the user-specific lines of user_attr(5). The parameter is a comma-separated list in which each item represents an audit class (see audit_class(5)) and is specified by using the syntax described in the audit_flags(7) man page.
See attributes(7) for descriptions of the following attributes: