The following is a list of issues known to exist with Sun Solaris systems processing at the time of the Quest InTrust 9.5 release.
On a SPARC machine, a successfully installed agent may fail to start with the following error message logged to syslog: "ADC error: 8adc1006 host/server name not known". If this happens, use the 'hostname' command to restore the host name.
During an attempt to uninstall an InTrust agent on a Solaris system, the file adcscm.solaris_sparc may be removed before the agent process is stopped. In that case, uninstallation of the agent fails, and no further attempt to uninstall the agent can succeed until you create a new file with the name 'adcscm.solaris_sparc' that the uninstallation process is able to remove.
When you are gathering BSM log events from a Solaris host that does not have access to a DNS server and has an entry for itself in the hosts file only by a FQDN and not by its short name, gathering fails with the following error: 'ADC Error: Failed to collect from network object. (Internal error: Failed to enumerate event logs. (host/servername not known (CRuntime error: 8)))'. To resolve this, edit the hosts file on the Solaris host to include an entry for the short name of that host.
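A pre-gathering check for the hosts-file condition described above, as an added example that is not part of the InTrust documentation or product. The function name check_short_name, the AWK variable, and the sample host name and address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Quest code): report whether a hosts file lists a host
# by its short name, by FQDN only, or not at all.
# On Solaris set AWK=nawk or AWK=/usr/xpg4/bin/awk; the legacy /usr/bin/awk
# does not support -v or sub().

# check_short_name FILE FQDN -> prints "ok", "fqdn-only" or "missing"
check_short_name() {
    file=$1
    fqdn=$2
    short=${fqdn%%.*}                 # first label of the FQDN
    "${AWK:-awk}" -v fqdn="$fqdn" -v short="$short" '
        {
            sub(/#.*/, "")            # ignore comments
            # Field 1 is the address; the rest are names and aliases.
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name == tolower(short)) has_short = 1
                if (name == tolower(fqdn))  has_fqdn = 1
            }
        }
        END {
            if (has_short)     print "ok"
            else if (has_fqdn) print "fqdn-only"
            else               print "missing"
        }
    ' "$file"
}

# Constructed sample input: the host appears by FQDN only, which is the
# configuration that makes BSM gathering fail.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1      localhost
192.0.2.10     sol10.example.com    # constructed entry, no short name
EOF
check_short_name "$sample" sol10.example.com   # prints fqdn-only
rm -f "$sample"
```

A result of "fqdn-only" or "missing" means the hosts file still needs the short-name entry before BSM gathering is attempted.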
When InTrust collects syslog events from a Linux machine, events logged on a Solaris machine and redirected to a Linux machine are stored with the Linux PlatformID (630) and not the Solaris one (610). When InTrust collects a redirected Linux syslog trail from a Solaris host, all events are saved with the Solaris PlatformID.
The following reports from the InTrust for Solaris report pack work only for events collected from Solaris 8 and 9:
Forensic Analysis / Solaris Syslog Events
Normal User Activity / Logins / Failed logins
Normal User Activity / Logins / Successful logins
Normal User Activity / Privileged User Logins / Failed logins of privileged users
Normal User Activity / Privileged User Logins / Successful logins of privileged users
When you collect data from a BSM log, you may receive a warning that InTrust is unable to find the last gathering position in the log file to start gathering from. InTrust is unable to identify a last gathered event in the BSM log file if any process keeps the log file open at the time of gathering. When this happens, all data in such a log file is gathered starting from the first record in it. To avoid collection of duplicate data, consider forcing the Solaris system to start writing a new BSM log file shortly before the gathering is started.