interesting, from what i've seen, i have to audit either as or ua nacho at saturn:/etc/security$ pfexec grep prof_cmd * audit_event:6180:AUE_prof_cmd:profile command:ua,as
however, that only seems to audit role login and logout nacho at saturn:/etc/security$ grep -v "^#" audit_control dir:/var/audit flags: minfree:20 naflags: lo,ua plugin: name=audit_syslog.so; p_flags=lo,-am,ua nacho at saturn:/etc/security$ pfexec ls audit audit_data audit_user bsmconv dev device_policy kmfpolicy.xml priv_names audit_class audit_event audit_warn bsmunconv device_allocate exec_attr lib prof_attr audit_control audit_startup auth_attr crypt.conf device_maps extra_privs policy.conf spool nacho at saturn:/etc/security$ pfexec praudit audit/localhost/files/20090401044439.not_terminated.saturn file,2009-04-01 01:44:39.837 -03:00, what is it i'm missing? nacho On Tue, Mar 31, 2009 at 11:44 PM, Gary Winiger <gww at eng.sun.com> wrote: > >> while we're arguing about pfexec, would it be possible to make it log >> through syslog in addition to generating audit information? > > ? ? ? ?Audit already does. ?See audit_syslog(5) and audit_control(4). > > Gary.. >
