Solaris device auditing
By auditing Solaris devices, you can get a record of security-related system events, which can be used to assign technicians the responsibility of looking into potentially problematic actions that take place on Solaris devices.
This audit data can also help you:
- Detect misuse or unauthorized activity.
- Review patterns of access and the access histories of users and objects.
- Identify attempts to sidestep protection mechanisms.
Solaris auditing reports in EventLog Analyzer
EventLog Analyzer is a log management tool which collects and analyzes logs generated by Solaris devices to detect potential security threats and report on activities.
Solaris logon and logoff reports: Track all logons and logoffs, including individual methods for logging on such as su command, Secure Shell, and File Transfer Protocol (FTP) logons.
Solaris failed logon reports: View a list of all failed logons, and identify users with multiple consecutive authentication failures as well as remote devices generating the highest number of failed logon attempts.
Solaris user account management: Discover all user accounts and groups that have been added, removed, or renamed. Also, identify failed password changes and newly added users.
Solaris removable disk auditing: Audit the use of removable devices on your Solaris devices, and get information each time a removable device is plugged into or taken out of the device.
Sudo commands: View details of all successful and failed sudo command executions, and identify the most frequently attempted sudo commands.
Solaris mail server reports
Mail server reports offer the following insights:
- An overview of the email server usage pattern and trends associated with sent and received emails.
- The users and remote devices sending and receiving the most email.
- The domains that send, receive, or reject the most email.
- Errors such as unavailable mailboxes, insufficient storage, bad sequences of commands, and more.
- Errors that occur most frequently.
Solaris errors and threats: Discover potential security concerns so you can proactively respond to them.
Solaris Network File System (NFS) events: Obtain details for all successful and denied NFS mounts, and identify the users and remote devices with the highest number of denied NFS mounts.
Solaris FTP Server reports: Obtain details for all file downloads and uploads. View details for timeouts that occur during logons, data transfers, idle sessions, and connections. Identify users and remote devices that perform the highest number of FTP operations.
Solaris system events: Track important system events such as the stopping or restarting of syslog services, low disk space, and executions of the yum command.
Solaris severity reports: View events logged at each severity level.
Solaris critical reports: View critical events based on the event and device responsible for report generation.
Reports on other Solaris events:
- Obtain details on all cron jobs.
- Identify services that have been deactivated.
- View details of sessions that have been connected and disconnected.
- Stay aware of any timeouts during the logging process.
- Track mismatched errors in device names or addresses.