Auditing with Solaris BSM
On Solaris platforms, Basic Security Module (BSM) can be used to audit Secure Shell log-in (both failed and successful) and log-out events.
The log-in events are audited with the event ID 34543 (AUE_tectia) and the log-outs with event ID AUE_logout.
To audit AUE_tectia events, add the following line to /etc/security/audit_event:
34543:AUE_tectia:login - ssh:lo
To prevent clashes with other BSM-aware third-party applications, you can change the AUE_tectia event ID to a unique one by exporting the environment variable SSH_BSM_AUDIT_EVENT_ID=<event_id> before you start SSH Tectia Server.
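The clash check described above can be scripted before the entry is added. The following is an added example, not part of the SSH Tectia documentation or product: the function names are hypothetical, the sample audit_event content is constructed, and the 32768-65535 third-party range is taken from audit_event(4) as an assumption.

```shell
# POSIX shell; on Solaris 10 run under ksh, bash or /usr/xpg4/bin/sh.
# Set AWK=nawk on Solaris (the legacy /usr/bin/awk has no -v option).
AWK=${AWK:-awk}

# Status of event ID $2 in audit_event file $1 (number:name:description:flags):
#   present       ID is already mapped to AUE_tectia
#   clash:<name>  ID is taken by another event
#   free          ID is unused
tectia_id_status() {
    "$AWK" -F: -v id="$2" '
        /^#/ || NF < 4 { next }        # skip comments and malformed lines
        $1 == id {
            if ($2 == "AUE_tectia") print "present"
            else print "clash:" $2
            found = 1; exit
        }
        END { if (!found) print "free" }
    ' "$1"
}

# First usable ID at or above $2, capped at 65535 (assumption: the
# 32768-65535 third-party range described in audit_event(4)).
tectia_free_id() {
    id=$2
    while [ "$id" -le 65535 ]; do
        case $(tectia_id_status "$1" "$id") in
            free|present) echo "$id"; return 0 ;;
        esac
        id=$((id + 1))
    done
    return 1
}

# Print the audit_event entry for ID $1, plus the export needed when the
# ID differs from the default 34543.
tectia_audit_config() {
    echo "$1:AUE_tectia:login - ssh:lo"
    [ "$1" = 34543 ] || echo "export SSH_BSM_AUDIT_EVENT_ID=$1"
}

# Constructed sample: a hypothetical product (AUE_other_app) already uses 34543.
sample=${TMPDIR:-/tmp}/audit_event.sample.$$
printf '%s\n' '# constructed sample' \
    '6153:AUE_logout:logout:lo' \
    '34543:AUE_other_app:other product login:lo' > "$sample"
tectia_audit_config "$(tectia_free_id "$sample" 34543)"
rm -f "$sample"
```

Run against the real /etc/security/audit_event, the script prints the line to add and, if the default ID is taken, the export to set before starting the server.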
Copyright 2010 SSH Communications Security Corp. This software is protected by international copyright laws. All rights reserved.