>I'm just curious. We're running a Sprac 3000 w/ 2.5.1 - our auditors
>insist on us providing information that requires the auditting software
>(enabled by running bsmconv, then configuring audit_control, etc).
>Is anyone out there using this? Any help hints you can give me?
>- Bob N.
Read the BSM manual, and make shure you audit the events you want to
audit, Personally just from playing with it, the output is very terse,
but it does log everything if u set it up right.... and there is no
way to remove the module w/o rebooting and running the bsmunconv
script, so if you send all that data to a remote machine that is
secure, you should be set..... becarefull on what u set as far as
flags and what to log, you can fill a good 1-2 gig drive up in qa day
on a personal workstation if the audit flags are wrong. the "auditors"
do they know how to read the cryptic output of the module? I mean you
have to know what the hell you are doing for those logs to make any
sense....... otherwise your wasting CPU cycles and space... In the
answerbook or if you have the hard copy documentation set for sun
they have a good 100 pages on setting it up and what to audit etc...