Skip to Main Content
Forums

Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Using Audit Service on Solaris 11.4 to audit/monitor for file and folder modification + deletion and logged it to syslog.

Bob ShizMay 28 2024 — edited May 28 2024

I am absolutely new to Solaris, running it on Virtualbox. I am trying to do what the title says. Tried to follow the documentations by following here for auditing of files/folder. .

Steps I did to start auditing files/folders:

# audit -s

# rolemod -K audit_flags=+fw:no root

# auditreduce -o file=… -O filechg

# praudit *filechg

Steps I did to configure it to syslog is exactly as shown in here.

However, after doing these, I am still unable to pipe any changes that was done to syslog. The only thing promising is that when praudit *filechg is entered, it shows the results below

But these results are not in syslog. And what I want is that the filename, time and also actions done be logged to syslog. Is this possible? Do let me know where did I go wrong and what did I missed out on as I know I surely did, unable to fully understand the documentation. Appreciate any help.

Comments

Processing

Post Details

Added on May 28 2024
#oracle-solaris, #solaris-11
1 comment
295 views