Go to main content

man pages section 7: Standards, Environments, Macros, Character Sets, and Miscellany

Exit Print View

Updated: Wednesday, January 24, 2018

audit_sstore (7)


audit_sstore - Sends Oracle Solaris audit records to sstore(7)




The audit_sstore plugin module for Oracle Solaris audit, /usr/lib/security/audit_sstore.so, sends binary audit records to sstore(7) as configured in auditconfig(8). If the svc:/system/sstore:default service is not running, then audit_sstore keeps a cache of unsent audit records. When a new audit record is generated, audit_sstore attempts to send the new record and the unsent records.

The audit_sstore plugin is loaded by auditd if the plugin is configured as active through auditconfig. Use the auditconfig –setplugin option to change all the plugin-related configuration parameters.

Object Attributes

The p_flag attribute is used to further filter audit data being sent to the sstore daemon beyond the classes specified through the flags and naflags (see auditconfig(8)) and through the user-specific lines of user_attr(5). The parameter is a comma-separated list in which each item represents an audit class (see audit_class(5)) and is specified by using the syntax described in the audit_flags(7) man page.


See attributes(7) for descriptions of the following attributes:

MT Level
Interface Stability

See Also

attributes(7), sstore(7), audit_warn(8), auditconfig(8), auditd(8)