Skip to main content

3.10.1 Auditing

3.10.1 Auditing
The SPARC M12/M10 systems can record all the XSCF events that may be related to security, such as user login and logout and changes to user privileges, as well as all operations, including system start and stop. After auditing is configured, auditing starts and information on a single event, cause of occurrence, date of occurrence, and other related information are recorded as an audit record. The system has an audit log (audit trails), which is a collection of audit records. The system administrator can refer to an audit log to check for suspicious or abnormal operation or to identify the person who did a specific event.
Figure 3-6 provides an overview of how login event information is recorded in an audit log.
Figure 3-6  Recording in an Audit Log
Figure 3-6  Recording in an Audit Log