Preparing To Monitor Solaris Hosts

Real-time monitoring on Solaris systems uses the Solaris audit system, which is part of the Solaris Basic Security Model (BSM). BSM auditing allows system administrators to monitor events and to detect user account logins and logouts as well as file changes.

Verify that BSM auditing is enabled by running the following command with root privilege:

/usr/sbin/auditconfig -getcond

You should see the following output:

audit condition = auditing

If the output differs from the above, BSM auditing is not enabled and needs to be enabled. The method for enabling it differs between Solaris releases.
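The verification step above can be scripted as a pre-flight check before monitoring is deployed to a host. This is an added example, not part of the original documentation; the function names, the exit codes and the `AUDITCONFIG` override variable are assumptions of the example, and it expects a POSIX shell run as root.

```shell
#!/bin/sh
# Pre-flight check: is BSM auditing enabled on this host?
# AUDITCONFIG may be overridden for testing (assumption of this example).
AUDITCONFIG="${AUDITCONFIG:-/usr/sbin/auditconfig}"

# Read "auditconfig -getcond" output on stdin and print the value that
# follows "audit condition =", tolerating extra whitespace.
parse_audit_cond() {
    while IFS= read -r line; do
        case "$line" in
            *"audit condition"*=*)
                cond=${line#*=}        # keep the text after the first '='
                set -- $cond           # word-split to trim whitespace
                echo "${1:-}"
                return 0 ;;
        esac
    done
    return 1                           # no "audit condition" line seen
}

# Return 0 only when the reported condition is exactly "auditing".
classify_audit_output() {
    cond=$(parse_audit_cond) || cond=""
    [ "$cond" = "auditing" ] && return 0
    echo "BSM auditing is not enabled (audit condition = ${cond:-unparsed})" >&2
    return 1
}

# Exit codes (chosen for this example):
#   0 auditing enabled, 1 not enabled, 2 command failed, 3 command missing
check_bsm_audit() {
    [ -x "$AUDITCONFIG" ] || { echo "cannot execute $AUDITCONFIG" >&2; return 3; }
    out=$("$AUDITCONFIG" -getcond 2>&1) || {
        echo "auditconfig -getcond failed (root privilege is required): $out" >&2
        return 2
    }
    printf '%s\n' "$out" | classify_audit_output
}

# Run the check only when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_bsm_audit
    exit $?
fi
```

Any condition other than `auditing` is reported verbatim on stderr, so the operator can see what the host returned before enabling auditing for that Solaris release.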