I was curious if anyone knows of any good log cleaning tools out there that take care of extended process accounting on Solaris.  I'm not trying to do something illegal.  Quite the contrary actually.  A pentest I was involved with recently had extended accounting on some Solaris servers, so even with credentials, we basically were on and off without a good tool to clean the logs.  Same thing with BSM.  As soon as you see its there, you have to get off or the test is over (if your admin is worth the money they are paying him).  I got to thinking it can't be too hard to write some cleaning tools. A google search turned up nothing, but often doesn't.  Anyone know of anything out there before I get to coding?

Thanks.

Yeah, that thought hadn't escaped me, but you wouldn't believe the number of INTERNET ACCESSIBLE boxes I find in pen tests that are only logging locally.  Often times the admin has been lulled into a false sense of security because they run a cron job or some such to fire off relevant log and audit entries to a logging server on a regular basis.  In this case, it is just a matter of beating the cron (or simply pausing it) so you can clean your garbage out of the logs first.

I haven't had touched Solaris once yet, but I am assuming that programs written in Python or similar languages should work on it. With Python it is for example very easy to automate various tasks.

Gathering information on forensic tools such as Microsoft's Coffee, EnCase Portable, etc. it should not be too hard to reverse the process and clean all logs which are gathered from them.