Oracle Solaris System Administration (MOSC)


Auditing activated with syslog plugin does not report the RUID info

edited Jul 9, 2012 11:28PM in Oracle Solaris System Administration (MOSC) | 5 comments | Answered
Hi,

I've activated the Solaris BSM on Solaris 10.

Audit logs are written into files in /var/audit/

I've also activated the syslog plugin to send audit logs to a remote IP address: plugin:name=audit_syslog.so; p_flags=lo,ex,fw,fc,fd

All is working fine locally, but it seems that some info sent through the syslog is missing, such as the SUBJECT line:

<subject audit-uid="john" uid="mike" gid="family" ruid="mike" rgid="family" pid="255" sid="2841387154" tid="11602 131094 gvaunx16.lloydstsb.ch"/>

It seems that the syslog only forwards the audit-uid="john", and NOT the ruid="mike".

I need to know the RUID (Real User ID), but there is no such info on the remote server (where the syslog sends audit logs).
