Clarity Service Management

Expand all | Collapse all

AUDIT LOG FOR IPs,MAC OF USERS

Jump to Best Answer
  • 1.  AUDIT LOG FOR IPs,MAC OF USERS

    Posted 09-13-2019 05:49 AM
    Hello all,
    Good day and trust this note meets you all well.
    Please we have a requirement from a customer's Audit unit to have an audit log that captures users Ip address, Mac address etc whenever an activity is carried out on the CA Service Management Platform.
    The customer is a financial institution and so cautious of users engagement on all their applications.
    I want to know if this is by any chance possible within the CA SDM application itself without using a 3rd party application to achieving this.
    Thanks and Regards,
    Amosu


  • 2.  RE: AUDIT LOG FOR IPs,MAC OF USERS
    Best Answer

    Posted 09-16-2019 07:00 AM
    Hi Amosu,

    The fields in question sound like are on the CI (Configuration Item). So you should be able to see changes to these on 'Versioning Tab' of the CI, assuming you have the users CI in the CMDB.

    Otherwise, please give us more context\details regarding the requirement...


    ------------------------------
    Kind Regards,
    Brian
    ------------------------------



  • 3.  RE: AUDIT LOG FOR IPs,MAC OF USERS

    Posted 09-16-2019 10:58 AM
    Sounds like you want some kind of security auditing within the SDM application.

    Is this for changes to the application or for all activity within the SDM application?

    ------------------------------
    Paul Coccimiglio
    Principal Support Engineer
    Broadcom Inc.
    ------------------------------



  • 4.  RE: AUDIT LOG FOR IPs,MAC OF USERS

     
    Posted 21 days ago
    Although this post already has a "Best Answer" flagged, I wanted to add that the "session_log" table captures every user and their session id when they log in.

    Details here:
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/business-management/ca-service-management/17-2/reference/ca-service-desk-manager-reference-commands/objects-and-attributes/session-objects.html

    Some things to note.

    • It needs to be enabled. See variable NX_SESSION_LOG_EXCLUDE.
      How to get a list of contacts who has logged into Service Desk Manager.
      https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=14867
    • This does not explicitly capture IP or MAC Address, but it does record the information for every session created at login and logout as above.
    • We generally recommend that it be turned OFF if you don't need it, as it can put on a small performance overhead. (Check this.)
    • You MUST put on an Archive and Purge rule against the session_log table, as it can grow to an enormous size on a busy system.
    • It records at the "session" level and not at the "activity" level. 
    Some notes on other options.


    I hope that helps. 

    Please note the key point, and that is that extensive low level auditing will require extra system resources. You must plan for this overhead, and ruthlessly eliminate all that is not strictly required, or you will suffer performance overhead.


    Thanks, Kyle_R.