The Solaris activity dashboard shows an overview of all actions performed on the Solaris systems. The log data is collected by the Snare Solaris agents and covers all user and administrative activity performed on the systems. The Snare Solaris agent works with the BSM audit subsystem to collect all configured audit events and stream them over syslog to the Snare Central Server. The key aspects of the dashboard are:
- Solaris Event Activity - a summary view of the key event types, including file opens, login activity, logouts, use of su to gain additional privilege, ssh for remote logins, use of ftp, commands run as reported by execve, etc.
- Solaris System Activity - overview of all events per system
- Solaris Process Activity - details of all processes and commands run on all systems.
- Solaris User Activity - overview of all activity by users.
- Solaris Login Failures - details of each account that has had login failures within the selected date and time filter.
As with all other dashboards, each dashboard page can be selected, and the data will appear in the drill-through at the bottom of the page, filtered by the context of the selected item.