UHCHIDAthis information is stored in an internal db and can be viewed using seaudit commands on the local nodes
An example may look something like this
[root@xxxxxxxxxx ~]# seaudit -a -st now-5
CA Privileged Access Manager Server Control seaudit v14.10.0.1335 - Audit log lister
Copyright (c) 2018 CA. All rights reserved.
22 Jul 2020 13:38:47 S UPDATE XUSER seosd 338 10 joe
22 Jul 2020 13:38:47 P LOGIN joe 59 2 10.230.8.131 SSH (OS user)
to collect all the latest information about a user loging on all terminals you can use
[root@xxxxxxxxxxx ~]# seaudit -l "joe" "*"
CA Privileged Access Manager Server Control seaudit v14.10.0.1335 - Audit log lister
Copyright (c) 2018 CA. All rights reserved.
22 Jul 2020 13:38:47 P LOGIN joe 59 2 10.230.8.131 SSH (OS user)
22 Jul 2020 13:39:50 O LOGOUT joe 49 2 (OS user)
The command usage can be found with -?
Most customers have their audit data forwarded to a tool like Splunk which they can build larger reports and search through more than 1 host at a time. There are also some reports you can generate from the ENTM gui if you have configured snapshots. I personally do not have any documentation to provide and there are several possible methods but you could request this type of information from a presales or services engineer.
Joe Lutz
Original Message:
Sent: 07-22-2020 07:45 AM
From: Akio UCHIDA
Subject: auditlog information
Hello,
I have received questions for auditlog records from an user.
If someone accesses a PIM server and some resource from a remote device, new records are generated in the auditlog(seos.audit).
He is wondering from where in the server, the auditlog collects user information (hostname, IP address or userID).
I have checked your online manual, but I couldn't find useful information to answer it.
Could you kindly share us the way how to collect the information (especially user one)?
Regards,
UHCHIDA Akio