On Solaris platforms, Basic Security Module (BSM) can be used to audit Secure Shell log-in (both failed and successful) and log-out events.
The log-in events are audited with the event ID 34543 (AUE_tectia) and the log-outs with event ID AUE_logout.
When auditing AUE_tectia events, add the following line to /etc/security/audit_event:
34543:AUE_tectia:login - ssh:lo
To prevent clashes with other BSM-aware third-party applications, you can change the AUE_tectia event ID to a unique one by exporting the environment variable SSH_BSM_AUDIT_EVENT_ID=<event_id> before you start Tectia Server.
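
The clash check and registration described above can be scripted. The following is an added example, not part of the Tectia documentation: the function names, the AUE_thirdparty entry and the alternative ID 34599 are hypothetical, and it assumes the audit_event entry must carry the same number that is exported in SSH_BSM_AUDIT_EVENT_ID.

```shell
#!/bin/sh
# Added example: check an audit_event file for an event-ID clash before
# registering AUE_tectia. Field layout: number:name:description:class

# Print the event name that owns ID $2 in file $1 (empty if unused).
bsm_event_owner() {
    awk -F: -v id="$2" '!/^#/ && $1 == id { print $2; exit }' "$1"
}

# Register AUE_tectia under ID $2 in file $1.
# Returns 0 if the entry is present afterwards, 1 if the ID belongs to
# another event (a clash); on a clash the file is left unchanged.
bsm_register_tectia() {
    _file=$1 _id=$2
    _owner=$(bsm_event_owner "$_file" "$_id")
    case $_owner in
        AUE_tectia) return 0 ;;   # already registered, nothing to add
        "") printf '%s:AUE_tectia:login - ssh:lo\n' "$_id" >>"$_file" ;;
        *)  echo "event ID $_id already used by $_owner" >&2; return 1 ;;
    esac
}

# Demo on a constructed file standing in for /etc/security/audit_event.
demo() {
    sample=$(mktemp)
    cat >"$sample" <<'EOF'
# constructed sample: a hypothetical application already owns 34543
34543:AUE_thirdparty:some other application:lo
EOF
    id=34543
    # The default ID is taken here, so fall back to a hypothetical free one.
    if ! bsm_register_tectia "$sample" "$id" 2>/dev/null; then
        id=34599
        bsm_register_tectia "$sample" "$id"
    fi
    rm -f "$sample"
    # Tectia Server must be started with this variable in its environment.
    echo "export SSH_BSM_AUDIT_EVENT_ID=$id"
}

demo
```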