>I found some BSM audit data error.
>When someone log-in to system, the source IP doesn't match to real IP address.
>I saw ASCII data converted by praudit command.
>Our E10000 system using Solaris 8(10/01) 64-bit kenel.
>Should I do some patches?
only if "who" matches what you think it should be.
if "who" agrees with the praudit data, then probably the "real" address is
being NATted, and the system has no way to tell what the "real" address is.
As far as it is concerned, the address it is reporting, IS the "real"
http://www.blastwave.org/ for solaris pre-packaged binaries with pkg-get
Organized by the author of pkg-get
[Trim the no-bots from my address to reply to me by email!]