Symantec Privileged Access Management

View Only

When connecting to mstsc in Windows PAMSC, only HOSTNAME appears, not IP.

TaeHyun Kim posted Aug 11, 2024 10:39 PM

Hello, All

When connecting to Windows PAMSC from an external PC,

the IP appears when you perform "seaudit -a -n" in the HOST class.

However, in the TERMINAL class, when the LOGIN event is performed with "seaudit -a -n",

only the HOSTNAME is visible and the IP is not visible.

Is there a way to show the IP in LOGIN ??

=====================================================================================

PAMSC Version : PAMSC-14.10.50.37-windows and PAMSC-14.10.60.129-windows

=====================================================================================

C:\Windows\system32>seaudit -a -st now-5 -n
seaudit - Audit log lister
26 Jul 2024 18:40:45 O LOGOUT ONE-2023\oneadmin 49 2 UNICENTER Terminal Services
26 Jul 2024 18:40:55 M SHUTDOWN 0 seosd
26 Jul 2024 18:41:23 M START seosd
26 Jul 2024 18:41:23 M START AgentManager
26 Jul 2024 18:41:27 W LOGIN ONE-2023\oneadmin 1202 4 UNICENTER C:\Windows\System32\lsass.exe
26 Jul 2024 18:43:40 W LOGIN ONE-2023\oneadmin 1202 4 UNICENTER C:\Windows\System32\lsass.exe
26 Jul 2024 18:43:43 W LOGIN ONE-2023\oneadmin 1202 4 UNICENTER C:\Windows\System32\lsass.exe
26 Jul 2024 18:43:45 P LOGIN ONE-2023\oneadmin 55 2 192.168.186.1 C:\Windows\System32\lsass.exe
26 Jul 2024 18:43:50 W LOGIN ONE-2023\oneadmin 1202 4 UNICENTER Terminal Services
26 Jul 2024 18:44:14 P LOGIN ONE-2023\oneadmin 55 10 192.168.186.1 selang

Broadcom Employee Reatesh Sanghi posted Oct 08, 2024 05:30 AM

Hello TaeHyun Kim,

Can you upgrade CA PAM SC 14.10.50.37 as well to 14.10.60.129 and verify the results?

Thanks,
Reatesh.

TaeHyun Kim posted Oct 27, 2024 09:45 PM

Hello Reatesh,

Same result in version 14.10.60.129.

Thanks,

TH.

C:\Users\oneadmin>seaudit -a -sd today-60 -n | findstr LOGIN
29 Aug 2024 11:11:45 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 C:\Windows\System32\lsass.exe
29 Aug 2024 11:11:46 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 C:\Windows\System32\lsass.exe
29 Aug 2024 11:11:47 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 Terminal Services
29 Aug 2024 11:11:48 P LOGIN ONE-2023\oneadmin 55 2 192.168.0.3 C:\Windows\System32\lsass.exe
29 Aug 2024 13:38:34 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 C:\Windows\System32\lsass.exe
29 Aug 2024 13:38:35 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 Terminal Services
29 Aug 2024 14:11:43 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 C:\Windows\System32\lsass.exe
29 Aug 2024 14:11:43 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 Terminal Services
29 Aug 2024 14:12:20 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 C:\Windows\System32\lsass.exe
29 Aug 2024 14:12:20 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 Terminal Services
04 Sep 2024 11:11:07 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 C:\Windows\System32\lsass.exe
04 Sep 2024 11:11:10 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 C:\Windows\System32\lsass.exe
04 Sep 2024 11:11:11 P LOGIN ONE-2023\oneadmin 59 2 192.168.0.79 Terminal Services
04 Sep 2024 11:11:12 P LOGIN ONE-2023\oneadmin 55 2 192.168.0.3 C:\Windows\System32\lsass.exe
05 Sep 2024 21:13:00 P LOGIN ONE-2023\oneadmin 59 2 UNICENTER C:\Windows\System32\lsass.exe
05 Sep 2024 21:13:04 P LOGIN ONE-2023\oneadmin 59 2 UNICENTER C:\Windows\System32\lsass.exe

PAMSC> exit