Users who run su(1M) to become root or another user, can compromise security by accessing other users' files without their knowledge. For this reason, a usage log is kept for su. Check the file /var/adm/sulog to monitor use of su. The format of /var/adm/sulog is described in ``Logging su(1M) usage''
Another way to record all use of the su command is to print a message on the system console each time the command is run. To do this, add the line
CONSOLE=/dev/consoleto /etc/default/su.