error message
object name
domain
name_service
authorization used
initial values
object name
domain
name_service
authorization used
deleted values
object name
domain
name_service
authorization used
changed values
Admin Server Authentication
admin (various)
SMC, WBEM, or AdminSuite
SMC: filesystem add
SMC server
SMC: filesystem delete
SMC server
SMC: filesystem modify
SMC server
SMC: network add
SMC server
SMC: network delete
SMC server
SMC: network modify
SMC server
SMC: printer add
SMC server
SMC: printer delete
SMC server
SMC: printer modify
SMC server
RBAC: role login
SMC server
/usr/bin/su
SMC: scheduled job add
SMC server
SMC: scheduled job delete
SMC server
SMC: scheduled job modify
SMC server
SMC: serial port add
SMC server
SMC: serial port delete
SMC server
SMC: serial port modify
SMC server
SMC: Use of Authorization
SMC server
authorization used
object name
SMC: User Manager add
SMC server
SMC: User Manager delete
SMC server
SMC: User Manager modify
SMC server
login: logout
various
login(1)
"logout" username
init
/sbin/init
/usr/sbin/init
/usr/sbin/shutdown
init level or zone name
terminal login
/usr/sbin/login
/usr/dt/bin/dtlogin
login(1)
dtlogin
rlogin
/usr/sbin/login
login(1) - rlogin
telnet login
/usr/sbin/login
login(1) - telnet
/usr/lib/ssh/sshd
zone login
/usr/sbin/login
zlogin(1)
error message
su
/usr/bin/su
su(1M)
"user name" of failed new user/role
passwd
various
passwd(1)
user if different than caller
desktop screen lock
desktop screen unlock
pfexec
/usr/bin/pfexec
pfexec(1)
working directory
command pathname
inetd
/usr/sbin/inetd
service name
client address
inetd command
inetd
/usr/sbin/inetd
service name
limit value
inetd
/usr/sbin/inetd
service name
limit value
inetd
/usr/sbin/inetd
service name
limit value, interval
New zone state
zone name
su
/usr/bin/su
su(1M)
su
/usr/bin/su
su(1M)
newgrp
group name
authorization used
mount point
device
options
hald
hald
hald
authorization used
mount point
device
hald
authorization used
pool
device
hald
authorization used
pool
device
authorization used
object class name
object name
create wifi security object
/usr/sbin/dladm
dladm(1M)
delete wifi security object
/usr/sbin/dladm
dladm(1M)
relabel file from one zone to another
setlabel(1)
setflabel(3TSOL)
authorization used
file relabeled
original label
new label
copy file to another zone
dtfile(1X)
authorization used
source file
source label
destination directory
destination label
next action
machine dependent argument
next action
uadmin shutdown
/sbin/uadmin
/usr/sbin/uadmin
uadmin(1M)
uadmin reboot
/sbin/uadmin
/usr/sbin/uadmin
uadmin(1M)
uadmin dump
/sbin/uadmin
/usr/sbin/uadmin
uadmin(1M)
uadmin freeze
/sbin/uadmin
/usr/sbin/uadmin
uadmin(1M)
uadmin remount
/sbin/uadmin
/usr/sbin/uadmin
uadmin(1M)
uadmin ftrace
/sbin/uadmin
/usr/sbin/uadmin
uadmin(1M)
uadmin swapctl
/sbin/uadmin
/usr/sbin/uadmin
uadmin(1M)
thaw after freeze
/sbin/uadmin
/usr/sbin/uadmin
uadmin(1M)
freeze action type
uadmin config
/sbin/uadmin
/usr/sbin/uadmin
uadmin(1M)
smbd
/usr/lib/smbsrv/smbd
domain
username
sid
smbd
/usr/lib/smbsrv/smbd
domain
username
VSCAN: quarantine infected file
/usr/lib/vscan/vscand
vscand(1M), ICAP RFC 3507 (Extensions)
infected file
ID - threat description
NDMP Connect
/usr/lib/ndmp/ndmpd
ndmpd(1M)
NDMP Disconnect
/usr/lib/ndmp/ndmpd
ndmpd(1M)
NDMP Backup
/usr/lib/ndmp/ndmpd
ndmpd(1M)
path to be backed up
local path of backup destination
remote ip address and port of backup destination
NDMP Restore
/usr/lib/ndmp/ndmpd
ndmpd(1M)
path to restore to
local path to restore from
remote ip address and port to restore from
authorization used
name
authorization used
property group type
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svcadm(1M)
svc.configd(1M)
svccfg(1M)
svc.configd(1M)
svccfg(1M)
svc.configd(1M)
svccfg(1M)
svc.configd(1M)
svccfg(1M)
svc.configd(1M)
svccfg(1M)
svc.configd(1M)
svccfg(1M)
svc.configd(1M)
svccfg(1M)
authorization used
name
snapshot name
svc.configd(1M)
svccfg(1M)
authorization used
name
snapshot name
svc.configd(1M)
svccfg(1M)
authorization used
old name
old snapshot
new name
new snapshot
svc.configd(1M)
svccfg(1M)
operation
imported file
svc.configd(1M)
svccfg(1M)
authorization used
name
type
value
svc.configd(1M)
svccfg(1M)
authorization used
name
type
value
svc.configd(1M)
svccfg(1M)
authorization used
name
svc.configd(1M)
svccfg(1M)
set CPU freq to minimal unless load increases
/usr/lib/hal/hald-addon-cpufreq
hald(1M)
authorization used
set CPU freq to Max
/usr/lib/hal/hald-addon-cpufreq
hald(1M)
authorization used
set CPU frequency threshold percentage
/usr/lib/hal/hald-addon-cpufreq
hald(1M)
authorization used
threshold percent 1-100
TPM error message
TPM_TakeOwnership
/usr/lib/tcsd
tcsd(8)
TPM_SetOperatorAuth
/usr/lib/tcsd
tcsd(8)
TPM_SetOwnerInstall
/usr/lib/tcsd
tcsd(8)
TPM_SelfTestFull
/usr/lib/tcsd
tcsd(8)
TPM_CertifySelfTest
/usr/lib/tcsd
tcsd(8)
TPM_ContinueSelfTest
/usr/lib/tcsd
tcsd(8)
TPM_OwnerSetDisable
/usr/lib/tcsd
tcsd(8)
TPM_OwnerClear
/usr/lib/tcsd
tcsd(8)
TPM_DisableOwnerClear
/usr/lib/tcsd
tcsd(8)
TPM_ForceClear
/usr/lib/tcsd
tcsd(8)
TPM_DisableForceClear
/usr/lib/tcsd
tcsd(8)
TPM_PhysicalDisable
/usr/lib/tcsd
tcsd(8)
TPM_PhysicalEnsable
/usr/lib/tcsd
tcsd(8)
TPM_PhysicalSetDeactivated
/usr/lib/tcsd
tcsd(8)
TPM_SetTempDeactivated
/usr/lib/tcsd
tcsd(8)
TPM_PhysicalPresence
/usr/lib/tcsd
tcsd(8)
TPM_FieldUpgrade
/usr/lib/tcsd
tcsd(8)
TPM_ResetLockValue
/usr/lib/tcsd
tcsd(8)
change hotplug connection state
/usr/lib/hotplugd
hotplugd(1M)
authorization used
device path
connector or port
new connection state
old connection state
set hotplug bus private options
/usr/lib/hotplugd
hotplugd(1M)
authorization used
device path
connector or port
bus private options
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
authorization used
healthcheck type-PING,TCP,UDP or 3rd party script
healthcheck name
timeout(secs) to kill a hung healthcheck probe
- 0 means default value (see man page)
number of times to run a health check probe
before declaring a server to be dead - 0 means
default value (see man page)
time(secs) between 2 healthcheck events -
0 means default value(see man page)
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
authorization used
healthcheck name
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
authorization used
LB virtual IP address
minimum value in port range
maximum value in port range - max=min means single
port is specified
protocol
[rr,hip,hipp,hipv],[dsr,nat,half-nat]
proxy source address for NAT - may be single
address or a address range
prefix length
healthcheck name
healthcheck port - ANY(dynamically determined by ilbd)
or a positive integer
connection timeout for NAT/half-NAT in sec. - 0 means
no forced removal)
nat entry timeout for NAT/half-NAT in sec - 0 means
default value(see man page)
session persistence mapping in sec - 0 means no
persistence
server group name
rule name
authorization used
rule name - "all" means all rules
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
authorization used
IP address
serverid that corresponds IP address - empty
if authorization fails, user specified IP address
is invalid or server cannot be added because
server group is full
server group name
server's minimum value in port range - empty
means default value (see man page)
server's maximum value in port range - empty
means default value(see man page)
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
authorization used
serverid
IPaddr corresponding to the serverid - empty
if authorization fails, or user specified serverid
is nonexistent
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
authorization used
serverid
IPaddr corresponding to the serverid - empty
if authorization fails, or user specified serverid
is nonexistent
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
authorization used
serverid
server group name
IPaddr corresponding to serverid - empty
if authorization fails or user specified serverid
serverid is nonexistent
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
authorization used
server group name
Integrated Loadbalancer
/usr/sbin/ilbadm
ilbadm(1m)
authorization used
server group name
Type of profile being enabled
Name of profile being enabled
Type of profile being disabled
Name of profile being disabled
Back-end data file being updated
Name of object being updated
Back-end data file being modified
Name of object being removed
Attribute update
Password update
bad username
authorization failed
bad uid
unknown failure
password expired
Account is locked
Bad dial up
Invalid ID
Invalid password
Not on console
Too many failed attempts
Protocol failure
Excluded user
No anonymous
Invalid command
Standard input not a tty line
Program failure
chdir to home directory
Input line too long.
login device override
authorization bypass
login disabled
Account is locked
Bad dial up
Invalid ID
Invalid password
Not on console
Too many failed attempts
Protocol failure
Excluded user
No anonymous
Halt the processor(s)
Halt the processor(s) and turn off the power
Reboot the system using the kernel file
Interactive reboot
Save the system state to the state file
Check if system supports suspend to disk
Force suspend to disk even when threads of user
applications are not suspendable
Save the system state to memory
Check if system supports suspend to memory
Single-user reboot
Single-user interactive reboot
Do not sync filesystems on next A_DUMP
Reboot bypassing BIOS and boot loader
Check if system supports reboot bypassing BIOS and boot loader
Update boot configuration parameters
Prepare for AD_REUSABLE
Create reusable statefile
Revert to normal CPR mode (not reusable)
ftrace start
ftrace stop
Authentication failed
The index to a PCR, DIR or other register is incorrect
One or more parameter is bad
auditing of the operation failed.
clear operations now physical access
The TPM is deactivated
The TPM is disabled
The target command has been disabled
The operation failed
The ordinal was unknown or inconsistent
The ability to install an owner is disabled
The key handle can not be interpreted
The key handle points to an invalid key
Unacceptable encryption scheme
Migration authorization failed
PCR information could not be interpreted
No room to load key.
There is no SRK set
An encrypted blob is invalid or was
not created by this TPM
There is already an Owner
The TPM has insufficient internal resources
A random string was too short
The TPM does not have the space to perform the operation.
The named PCR value does not match the current PCR value.
The paramSize argument has the incorrect value
There is no existing SHA-1 thread.
SHA-1 thread encountered an error.
Self-test has failed and the TPM has shutdown.
The auth for the second key failed authorization
The tag value sent to for a command is invalid
An IO error occurred transmitting information to the TPM
The encryption process had a problem.
The decryption process did not complete.
An invalid handle was used.
The TPM does not a EK installed
The usage of a key is not allowed
The submitted entity type is not allowed
The command was received in the wrong sequence
Signed data cannot include additional DER information
The key properties are not supported by this TPM
The migration properties of this key are incorrect.
Incorrect signature or encryption scheme
The size of the data parameter is bad
A mode parameter is bad
physicalPresence or physicalPresenceLock bits have wrong value
The TPM cannot perform this version of the capability
The TPM does not allow for wrapped transport sessions
TPM audit construction failed for failed command
TPM audit construction failed for successful command
PCR register does not have the resettable attribute
PCR register requires locality
Make identity blob not properly typed
Resource type does not match actual resource
Command only available when TPM is in FIPS mode
The command is attempting to use an invalid family ID
The permission to manipulate the NV storage is not available
The operation requires a signed command
Wrong operation to load an NV key
NV_LoadKey blob requires both owner and blob authorization
The NV area is locked and not writable
The locality is incorrect for the attempted operation
The NV area is read only and can't be written to
There is no protection on the write to the NV area
The family count value does not match
The NV area has already been written to
The NV area attributes conflict
The tag and version are invalid or inconsistent
The key evicted by the TPM Owner.
The counter handle is incorrect
The write is not a complete write of the area
The gap between saved context counts is too large
Max number of NV writes without owner has been exceeded
No operator AuthData value is set
The resource pointed to by context is not loaded
The delegate administration is locked
Attempt to manage a family other then the delegated family
Delegation table management not enabled
Command executed outside of exclusive transport session
Attempt to context save a owner evict controlled key
DAA command has no resources available to execute the command
The consistency check on DAA parameter inputData0 has failed.
The consistency check on DAA parameter inputData1 has failed.
The consistency check on DAA_issuerSettings has failed.
The consistency check on DAA_tpmSpecific has failed.
Atomic process indicated by DAA command is not the expected process.
Inconsistent issuer validity
The consistency check on w has failed.
The handle is incorrect
Delegation is not correct
The context blob is invalid
Too many contexts held by the TPM
Migration authority signature validation failure
Migration destination not authenticated
Migration source incorrect
Incorrect migration authority
Attempt to revoke the EK and the EK is not revocable
Bad signature of CMK ticket
There is no room in the context list for additional contexts
The TPM is too busy to respond to the command immediately
SelfTestFull has not been run
The TPM is currently executing a full selftest
TPM is defending against dictionary attacks