ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Sessions Logs - Missing password view events


Article ID: 109779


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)


Why aren't password views logged to CA PAM's Session Logs?


PAM 3.x


In CA PAM - the password views are not logged to our session logs because we have the following: 

A specific report for this: 
CA PAM UI >> Credentials >> Reports >> Run >> Here you will find a report call "View Password Requests" that will give the information that you are looking for. 

Alternatively; you can either implement our Splunk or Syslog Forwarding Integration - that will send these "Audiiting" type messages. 

Example Audit event in Splunk: 

Aug 3 09:16:57 1 2018-08-03T13:18:39+00:00 dedke01-pam32 pam - metric DETAIL <Metric><type>viewAccountPassword</type><level>1</level><description><hashmap><k>commandInitiator</k><v>USER</v><k>adminUserID</k><v>super</v><k>reason</k><v></v><k>selectedComponent</k><v>0</v><k>Attribute.descriptor2</k><v></v><k>Attribute.descriptor1</k><v></v><k>TargetAccount.ID</k><v>1020</v><k></k><v>WIN-Remote</v><k>reasonDetails</k><v>Password Viewed</v><k>password</k><v></v><k>TargetServer.hostName</k><v></v><k>TargetAccount.accessType</k><v></v><k>referenceCode</k><v></v><k>adminPassword</k><v></v><k>TargetAccount.userName</k><v>administrator</v></hashmap></description><errorCode>0</errorCode><userID>super</userID><success>true</success><originatingIPAddress></originatingIPAddress><originatingHostName></originatingHostName><extensionType></extensionType></Metric> 


Additional Information

For more information on integrating CA PAM with Splunk via Syslog - you can follow this knowledge document: