To add to the information provided by Scott and William:
1. Enabling Audit in Identity Manager (https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-3/management-console-help/how-to-configure-auditing/configure-audit-settings.html) to ensure the login / logout events are audited:

    <AuditEvent name="Login" enabled="true" auditlevel="BOTHCHANGED">
        <AuditProfile objecttype="USER" auditlevel="BOTHCHANGED"/>
        <EventState name="COMPLETE" severity="NONE"/>
        <EventState name="INVALID" severity="CRITICAL"/>
    </AuditEvent>
    <AuditEvent name="Logout" enabled="true" auditlevel="BOTHCHANGED">
        <AuditProfile objecttype="USER" auditlevel="BOTHCHANGED"/>
        <EventState name="COMPLETE" severity="NONE"/>
        <EventState name="INVALID" severity="CRITICAL"/>
    </AuditEvent>

2. Configuration changes are done on the OS level, so indeed history (and other Linux OS commands, if available) can be used. In addition, /opt/CA/VirtualAppliance/logs/ca_vapp_main.log can be used.
3. Additional monitoring options are available via
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-2/virtual-appliance/monitoring-virtual-appliance.html

Regards,
Rinat
Original Message:
Sent: 08-03-2020 07:26 AM
From: Ribesh Shrestha
Subject: Log Detail and message code
Dear Team,
Our customer's security team wants to know from which log and message code the following information is generated.
1. The critical parameters for which logging should be enabled are:
a. user authentication, e.g. unauthorized attempts to connect to the network using an incorrect user ID or password; and
b. configuration changes (e.g. commands executed, patch update, security parameter change).
2. Parameters like username, node identifier, IP address (source and destination), date/time, result of operation/authentication request etc. should be captured in the logs.
Version information
CA Identity Suite, Virtual Appliance Version 14.2.0
Cumulative Patch Level
Product              Version
Virtual Appliance    14.2.0 GA
Identity Manager     14.2.0 CP5
Identity Governance  14.2.0 CP3
Identity Portal      14.2.0 CP2
Operating System     14.2.0 GA
Database: 2016 standard version
Thank you,
------------------------------
Technical Associate
CAS
------------------------------
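
One way to confirm that an exported audit settings file carries the Login and Logout entries shown in the reply above. This is an added example, not code from the thread or from Broadcom; the function name check_audit_settings, the wrapper element AuditSettingsSample and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

REQUIRED_EVENTS = ("Login", "Logout")
REQUIRED_STATES = ("COMPLETE", "INVALID")

def check_audit_settings(xml_text):
    """Return a list of findings; an empty list means both events match the reply."""
    root = ET.fromstring(xml_text)
    events = {e.get("name"): e for e in root.iter("AuditEvent")}
    findings = []
    for name in REQUIRED_EVENTS:
        event = events.get(name)
        if event is None:
            findings.append(f"{name}: no AuditEvent element")
            continue
        if (event.get("enabled") or "").lower() != "true":
            findings.append(f"{name}: enabled is not true")
        if not any(p.get("objecttype") == "USER" for p in event.iter("AuditProfile")):
            findings.append(f"{name}: no AuditProfile for USER")
        states = {s.get("name") for s in event.iter("EventState")}
        for state in REQUIRED_STATES:
            if state not in states:
                findings.append(f"{name}: EventState {state} missing")
    return findings

# Constructed sample: the two entries from the reply inside a made-up root element.
GOOD = """<AuditSettingsSample>
<AuditEvent name="Login" enabled="true" auditlevel="BOTHCHANGED">
  <AuditProfile objecttype="USER" auditlevel="BOTHCHANGED"/>
  <EventState name="COMPLETE" severity="NONE"/>
  <EventState name="INVALID" severity="CRITICAL"/>
</AuditEvent>
<AuditEvent name="Logout" enabled="true" auditlevel="BOTHCHANGED">
  <AuditProfile objecttype="USER" auditlevel="BOTHCHANGED"/>
  <EventState name="COMPLETE" severity="NONE"/>
  <EventState name="INVALID" severity="CRITICAL"/>
</AuditEvent>
</AuditSettingsSample>"""

# Constructed sample: Login disabled and lacking INVALID, Logout absent.
WEAK = """<AuditSettingsSample>
<AuditEvent name="Login" enabled="false" auditlevel="BOTHCHANGED">
  <AuditProfile objecttype="USER" auditlevel="BOTHCHANGED"/>
  <EventState name="COMPLETE" severity="NONE"/>
</AuditEvent>
</AuditSettingsSample>"""

if __name__ == "__main__":
    print(check_audit_settings(GOOD), check_audit_settings(WEAK))
```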