Hello, When you double-click on the message, or when you export session log messages, you will see a bunch of IP columns such as the "NAT/Proxy Address". If no proxy is involved, this should be the source IP. If the private IP is set, it could be that. There may be more information in the system logs, which would have to be examined by PAM Support.
Original Message:
Sent: May 21, 2025 11:43 PM
From: David Chung Ling Tet
Subject: PAM - how to track source IP address that triggers PAM-CMN-xxxx: Possible injection attack session message log
HI Broadcom Community
We have inquiry about the PAM-CMN-xxxx Possible injection attack message log appear on the PAM session manager log. is there a way for us to track and identify the IP address of the attacker that triggered the "PAM-CMN-xxxx Possible injection attack" alarm? can we trace this using any of the PAM function or audit reports? Please advise Thank you