Hi all
I'm busy testing auditing on Solaris 10.
I am using the syslog plugin to get a real-time view of what's happening on the system. Initially I am only monitoring lo events. The audit_control file looked like this:
Code:
dir:/var/audit
flags:lo
minfree:20
naflags:lo
plugin:name=audit_syslog.so;p_flags=lo
I then wanted to add the class, fd, as well. I did this as follows:
Code:
dir:/var/audit
flags:lo,fd
minfree:20
naflags:lo
plugin:name=audit_syslog.so;p_flags=lo,fd
I ran the command to reread the audit_control file:
Code:
audit -s
Also, just in case, I restarted the box using
Code:
init 6
I am, however, not seeing file delete events being tracked when I test it.
Is there something I am doing wrong? The documentation I have found is not helping me much in this regard.