TSSUTIL Report Event Counts

book

Article ID: 111439

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction



In the following, INITS+VIOLATIONS+ACCESS does not add up to the SECURITY EVENTS FOUND MATCHING SELECTION CRITERIA count. What can the other events be?

Environment

Release:
Component: TSSMVS

Resolution

The value from the line 'SECURITY EVENTS FOUND' represents the total number of records that have passed the selection criteria and will be included in the EXTRACT or REPORT request, this is an absolute value. The category values for INITS, VIOLATIONS, and ACCESSES were never intended to add up to the value of total events since the do not represent all the record types to be included. They are just to be used as summaries for that category. In fact, the VIOLATION count could include events that are also recorded in both INITS and ACCESSES, so in many cases the count is doubled for those events matching both an INIT / ACCESS and a violation.