How to get started with Solaris auditing
For anyone that wants to understand how to configure and leverage auditing on Solaris, our team has recently published an excellent guide which we have invested a lot of expertise in.
The auditing subsystem of Oracle Solaris provides a log of who did what when on the system. It is useful for accountability, forensics, compliance, and deterrence. It can be configured to record a very detailed log of what a user or administrator has done on the system.
This article describes the default configuration and major differences between Oracle Solaris 10 and Oracle Solaris 11 configuration. It also discusses some ways a site may wish to customize a configuration and gives an example interpretation of a simple audit trail.
This diagram shows the flow of auditing in Solaris: