search cancel

CA PIM: About audit.cfg for TCP port 0

book

Article ID: 113409

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction



We may see the following event for TCP port number 0. 
=====
<Date&Time> P TCP (Inbound) 0 408 3 Windows-box
=====

*Windows-box is host name.

Even if we set Windows-box into host-name field in audit.cfg file like this, it is not filtered.
==audit.cfg==
TCP;0;Windows-box;*;*;*
===========
Home come?

Environment

Windows 
CA PIM12.8

Resolution

Yes, it is correct behavior.
For TCP port number 0:
We can set only wild card(*)  into host-name field in audit.cfg file.
Also, even if we set Windows-box* into host-name field in audit.cfg file, it is same as *.
So if we can set Windows-box into host-name field in audit.cfg file, the rule is not effective.