On Solaris platforms, Basic Security Module (BSM) can be used to audit Secure Shell log-in (both failed and successful) and log-out events.
The log-in events are audited with the event ID 34543 (
AUE_tectia) and the log-outs with event ID
AUE_tectia events, add the following line to
34543:AUE_tectia:login - ssh:lo
To prevent clashes with other BSM-aware third-party applications, you can change the
AUE_tectia event ID to a unique one by exporting the environment variable
SSH_BSM_AUDIT_EVENT_ID=<event_id> before you start SSH Tectia Server.