Talvez algo assim ajude você:
root@solaris:~# auditconfig -setflags ua
user default audit flags = ua(0x40000,0x40000)
Por favor, verifique os flags configurados com auditconfig -getflags
Em seguida, leia o log de auditoria com a combinação usual auditreduce / praudit.
root@solaris:~# auditreduce -c ua /var/audit/20180910183619.not_terminated.solaris | praudit
file,2018-09-10 18:39:21.000+00:00,
header,97,2,passwd,,solaris,2018-09-10 18:39:21.251+00:00
subject,jmoekamp,root,sys,jmoekamp,staff,1188,787827102,151 2 192.168.1.xxx
return,success,0
header,97,2,passwd,,solaris,2018-09-10 18:41:07.981+00:00
subject,jmoekamp,root,sys,jmoekamp,staff,1194,787827102,151 2 192.168.1.xxx
return,success,0