This discussion is archived
1 Reply Latest reply: May 16, 2013 8:11 AM by 1009386 RSS

BSM Auditd and AUE_prof_cmd

1009379 Newbie
Currently Being Moderated
I am working on an auditing project and have two very similar Solaris 10 servers. Both have the same version of BSM and same audit_control, audit_event, audit_startup files.

The problem I am having is that one of the servers captures all commands run at the command has type AUE_prof_cmd. The other captures events with AUE_EXEC, AUE_OPEN, AUE_CREAT depending on the command. I would like to have both servers capture events how the second server is capturing them.

What could be wrong in the configuration?



  • Correct Answers - 10 points
  • Helpful Answers - 5 points