Absent Member.

Sun Solaris BSM content creation

Hi All,


I want to create some basic rules and reports for Sun Solaris BSM devices, but I am finding it difficult as I have never worked on Solaris before. I request you all to share any kind of report or alert you have related to Sun Solaris BSM devices.


Appreciate any suggestions as well.



Absent Member.

Hi,

The audit daemon on Solaris is quite good. It provides a session ID (deviceCustomString2) that is unique over all events within a session.

As far as I know, the Solaris audit is less rich when it comes to limiting the events you want to send to ArcSight. Basically you can get too much or not enough (depending on what you want to analyse).

A nice fact is that each event keeps the original user name even after a switch user. From what I have seen so far, the information from the Solaris auditd is by far the best of all Unix auditds and very easy to analyse.

What are your use cases? What are you looking for?

Best regards

Nikolei


Absent Member.

Hi,

Thanks for your response. Sorry I couldn't reply, as I had limited access to the internet.

In the logs I can see only events like "AUE_OPEN_R", "AUE_OPENAT_R", "AUE_OPEN_RWT", "AUE_OPEN_WTC", "AUE_RENAME" and "AUE_UNLINK".

I want to know what these events refer to. Regarding use cases, I don't have any, and as I said I am totally new, so I couldn't figure out what use cases need to be created.

I request that if you know of any use cases related to Solaris, kindly share them.

Thanks in Advance.

Waiting for your reply.

Regards,

Mohammed Hussain
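
Added example, not part of any post in this thread: a Python sketch of one file-integrity use case built from the two points above, grouping the listed BSM events by session ID (deviceCustomString2) and reporting sessions that modified, renamed or deleted files under watched paths. Apart from deviceCustomString2, the field names (`name`, `auditUser`, `effectiveUser`, `filePath`), the watched prefixes and the sample events are assumptions constructed for illustration; the event meanings follow the open(2), openat(2), rename(2) and unlink(2) entries in the Solaris audit_event file.

```python
from collections import defaultdict

# Access type implied by each BSM event name listed in the thread.
EVENT_ACCESS = {
    "AUE_OPEN_R": "read",      # open(2), read-only
    "AUE_OPENAT_R": "read",    # openat(2), read-only
    "AUE_OPEN_RWT": "write",   # open(2), read/write with truncate
    "AUE_OPEN_WTC": "write",   # open(2), write with truncate and create
    "AUE_RENAME": "rename",    # rename(2)
    "AUE_UNLINK": "delete",    # unlink(2)
}
WATCHED = ("/etc/", "/var/adm/")   # assumed sensitive path prefixes
CHANGES = {"write", "rename", "delete"}

def summarize_sessions(events):
    """Group events by session ID; return sessions that changed watched files."""
    sessions = defaultdict(
        lambda: {"users": set(), "switched": False, "changes": []})
    for ev in events:
        access = EVENT_ACCESS.get(ev["name"])
        if access is None:
            continue  # event type outside the thread's list
        s = sessions[ev["deviceCustomString2"]]
        s["users"].add(ev["auditUser"])
        # The audit user survives su, so a mismatch marks a switched identity.
        if ev["effectiveUser"] != ev["auditUser"]:
            s["switched"] = True
        if access in CHANGES and ev["filePath"].startswith(WATCHED):
            s["changes"].append((access, ev["filePath"]))
    return {sid: s for sid, s in sessions.items() if s["changes"]}

# Constructed sample events (hypothetical field names except deviceCustomString2).
KEYS = ("name", "deviceCustomString2", "auditUser", "effectiveUser", "filePath")
ROWS = [
    ("AUE_OPEN_R", "4101", "alice", "alice", "/etc/passwd"),
    ("AUE_OPEN_WTC", "4102", "bob", "root", "/etc/shadow"),
    ("AUE_UNLINK", "4102", "bob", "root", "/var/adm/messages.0"),
    ("AUE_RENAME", "4103", "carol", "carol", "/export/home/carol/notes.txt"),
]
SAMPLE = [dict(zip(KEYS, row)) for row in ROWS]

if __name__ == "__main__":
    for sid, s in summarize_sessions(SAMPLE).items():
        flag = "su" if s["switched"] else "-"
        print(sid, sorted(s["users"]), flag, s["changes"])
```
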
