Versions 9 and 10 of the Solaris operating system have different auditing subsystems than Solaris version 11.
On computers running Solaris 9 or 10, perform the following steps:
Ensure the Basic Security Module will restart after reboot by running ./bsmconv from the /etc/security folder.
Ensure the /etc/security/audit_control file contains the following lines:
flags: ua,fm,cl,pc,fw,fr,ad,as,fc,ps,fd,nf
naflags: fm,cl,pc,fw,fr,as,ad,fc,ps,fd,nf
minfree:20
dir:/var/audit
For Solaris 11, set the auditing flags by running the following commands:
auditconfig -setflags ps,as,cl,fd,fc,fm,fw
auditconfig -setnaflags ps,as,cl,fd,fc,fm,fw