Sun Solaris BSM content creation
I want to create some basic rules and reports for the Sun Solaris BSM devices, but am finding difficulties in creating them as I have never worked on Solaris before. I request you all to share if anyone has any kind of report or alert related to Sun Solaris BSM devices.
Appreciate any suggestions as well.
The audit daemon on Solaris is quite good. It provides a session id (deviceCustomString2) that is unique over all events within a session.
As far as I know, the Solaris audit is less rich regarding limiting the events you want to send to ArcSight. Basically you get too much or not enough (depending on what you want to analyse).
A nice fact is that each event keeps the original user name even after a switch user. From what I have seen so far, the information from the Solaris auditd is by far the best of all Unix auditds and very easy to analyse.
What are your use cases? What are you looking for?
Thanks for your response; sorry I couldn't reply as I had limited access to the internet.
From the logs I can see only the events "AUE_OPEN_R", "AUE_OPENAT_R", "AUE_OPEN_RWT", "AUE_OPEN_WTC", "AUE_RENAME" and "AUE_UNLINK".
I want to know what these events refer to. Regarding use cases, I don't have any, and as I said I am totally new, so I couldn't figure out what use cases need to be created.
If you know any use cases related to Solaris, kindly share them.
Thanks in advance.
Waiting for your reply.
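As an added example (not code from either poster or from ArcSight), here is a small Python sketch of the two things the thread circles around: a lookup that explains the AUE_* names the poster sees, and a session-based rule that uses the deviceCustomString2 session id and the fact that BSM keeps the original user after a switch user. The records are constructed; the field names auditUser, effectiveUser and path are hypothetical stand-ins for whatever the connector maps them to.

```python
from collections import Counter

# Meaning of the AUE_* event names quoted in the thread (standard Solaris audit event names).
EVENT_MEANING = {
    "AUE_OPEN_R": "open(2) for reading",
    "AUE_OPENAT_R": "openat(2) for reading",
    "AUE_OPEN_RWT": "open(2) read/write, truncate",
    "AUE_OPEN_WTC": "open(2) write, truncate, create",
    "AUE_RENAME": "rename(2)",
    "AUE_UNLINK": "unlink(2), i.e. file deletion",
}
# Events that alter or remove files: a first cut at "what matters" for a report.
FILE_CHANGE_EVENTS = {"AUE_OPEN_RWT", "AUE_OPEN_WTC", "AUE_RENAME", "AUE_UNLINK"}

# Constructed sample records using ArcSight-style field names. deviceCustomString2 carries
# the BSM session id (as stated in the thread); auditUser (original login user that BSM keeps
# across su) and effectiveUser are hypothetical field names chosen for this example.
SAMPLE_EVENTS = [
    {"deviceCustomString2": "s-1001", "name": "AUE_OPEN_R", "auditUser": "alice", "effectiveUser": "alice", "path": "/etc/motd"},
    {"deviceCustomString2": "s-1001", "name": "AUE_OPEN_WTC", "auditUser": "alice", "effectiveUser": "root", "path": "/etc/hosts"},
    {"deviceCustomString2": "s-1001", "name": "AUE_UNLINK", "auditUser": "alice", "effectiveUser": "root", "path": "/etc/hosts.bak"},
    {"deviceCustomString2": "s-1002", "name": "AUE_OPEN_R", "auditUser": "bob", "effectiveUser": "bob", "path": "/home/bob/notes"},
    {"deviceCustomString2": "s-1002", "name": "AUE_RENAME", "auditUser": "bob", "effectiveUser": "bob", "path": "/home/bob/notes"},
    {"deviceCustomString2": "s-1003", "name": "AUE_OPENAT_R", "auditUser": "root", "effectiveUser": "root", "path": "/etc/hosts"},
]

def explain(event_name):
    """Human-readable meaning of an AUE_* name, e.g. for a report column."""
    return EVENT_MEANING.get(event_name, "unknown Solaris audit event")

def file_changes_per_session(events):
    """Report: count file-changing events per BSM session id. Seeing the volume per
    session is a cheap way to judge the 'too much or not enough' trade-off."""
    counts = Counter(ev["deviceCustomString2"] for ev in events if ev["name"] in FILE_CHANGE_EVENTS)
    return dict(counts)

def switched_user_file_changes(events):
    """Rule: file-changing events performed while the effective user differs from the
    audit (login) user. Because every record in the session still names the original
    user, root's actions can be attributed to the person who switched to root."""
    return [(ev["deviceCustomString2"], ev["auditUser"], ev["effectiveUser"], ev["name"], ev["path"])
            for ev in events
            if ev["name"] in FILE_CHANGE_EVENTS and ev["effectiveUser"] != ev["auditUser"]]

if __name__ == "__main__":
    for session, n in file_changes_per_session(SAMPLE_EVENTS).items():
        print(f"{session}: {n} file-changing events")
    for session, who, as_who, name, path in switched_user_file_changes(SAMPLE_EVENTS):
        print(f"ALERT {session}: {who} (as {as_who}) {name} = {explain(name)} on {path}")
```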