Hi,
I have a customer running both Solaris 11 and I need to monitor their Solaris audit data as kept in their Global Zones (this monitors all Zones).
How do I process this binary format file to retrieve only the latest log file (same way that DB-Connect App does).
I have TA for *NIX LINUX installed on their Splunk Server.
I want to be able to retrieve data such as: User Login information - failed; successfull with time of login and the number of attempts of unsuccessful logins etc.
Regards
David
↧
