1 Reply Latest reply: May 16, 2013 10:11 AM by 1009386 RSS

    BSM Auditd and AUE_prof_cmd

      I am working on an auditing project and have two very similar Solaris 10 servers. Both have the same version of BSM and same audit_control, audit_event, audit_startup files.

      The problem I am having is that one of the servers captures all commands run at the command has type AUE_prof_cmd. The other captures events with AUE_EXEC, AUE_OPEN, AUE_CREAT depending on the command. I would like to have both servers capture events how the second server is capturing them.

      What could be wrong in the configuration?