Enabling BSM Auditing Using Solaris 11

Auditing is enabled by default on Solaris 11, but only user login/logout events are monitored by default. To monitor both OS file change events and OS user login/logout events, run the following command with root privileges:

/usr/sbin/auditconfig -setflags fw,fd,fc,fm,fr,lo

The configuration flags have the same meaning as defined in the last section.

Note:

This configuration does not affect existing sessions in which users are already logged in to the host. To ensure the change takes effect, terminate all existing sessions and log in again, or simply reboot the machine.

Because the bsmconv command has been removed in Solaris 11, you can use the following command to enable the auditing feature, if needed:

audit -s
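
To confirm the flags set above are in place, the following added example (not part of the original documentation) checks each line of `auditconfig -getflags` output for the six classes. The function name, the sample lines and the assumed output layout ("... audit flags = class,class(mask,mask)") are illustrative assumptions; the masks are placeholders.

```shell
#!/bin/sh
# Added example: verify that the classes passed to "auditconfig -setflags"
# are audited for both success and failure.

REQUIRED="fw fd fc fm fr lo"

# Constructed sample lines in the assumed "auditconfig -getflags" layout.
SAMPLE_OK='active user default audit flags = fw,fd,fc,fm,fr,lo(0xMASK,0xMASK)'
SAMPLE_DEFAULT='configured user default audit flags = lo(0xMASK,0xMASK)'

# missing_classes LINE
# Prints the required classes that LINE does not audit for both outcomes.
missing_classes() {
    # Keep the text after "=" and drop the trailing "(mask,mask)".
    flags=$(printf '%s\n' "$1" | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/(.*$//')
    missing=""
    for want in $REQUIRED; do
        found=no
        old_ifs=$IFS
        IFS=,
        for have in $flags; do
            # A bare class name covers success and failure. "+fw" or "-fw"
            # covers one outcome only and "^fw" turns the class off, so
            # none of those count as a match here.
            if [ "$have" = "$want" ]; then
                found=yes
            fi
        done
        IFS=$old_ifs
        if [ "$found" = no ]; then
            missing="$missing $want"
        fi
    done
    printf '%s\n' "${missing# }"
}

# On a Solaris 11 host, check the live settings (run as root).
if [ -x /usr/sbin/auditconfig ]; then
    /usr/sbin/auditconfig -getcond
    /usr/sbin/auditconfig -getflags | while IFS= read -r line; do
        m=$(missing_classes "$line")
        if [ -n "$m" ]; then
            echo "MISSING [$m]: $line"
        else
            echo "OK: $line"
        fi
    done
fi
```

Sessions that were opened before the change keep their old settings, as the note above says, so a passing check here does not cover them.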