I have been looking into this for some time but have yet to find a way to do this with my level of experience.
I work mostly with Solaris 10 & 11 systems (primarily 10 for now).
I recently decided I needed a way to log ALL incoming connections (ftp, ssh, sftp, etc.) with a time in and a time out.
Ideally I could parse this information into a log for an end user on a site.
While researching I discovered that the process I was looking for was called an audit. From my understanding this is what will actually take the information and push it to my log file.
Oracle docs say I need to configure my audit_control file to create an additional system log. I wish to simply append this file with the lines needed to produce my log. From my understanding if I edit this file, then restart my system, the audit should begin logging the information I require.
So my questions (for now) are these:
1.) Are those two steps (edit audit_control & restart) all that are needed?
2.) Will simply appending this file cause any issues with what is currently being audited?
3.) If I wanted to only log all incoming connections with a time in/out, what would the appended lines need to look like? Say I want to store the log in /logs/my_audits_log
EDIT: I would prefer to not have to contact Oracle with my questions. ANY additional information that can be provided to me will help. Thank you.