CA PIM: About audit.cfg for TCP port 0
Article ID: 113409
Updated On:
Products
CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)
Issue/Introduction
We may see the following event for TCP port number 0.
=====
<Date&Time> P TCP (Inbound) 0 408 3 Windows-box
=====
*Windows-box is host name.
Even if we set Windows-box into host-name field in audit.cfg file like this, it is not filtered.
==audit.cfg==
TCP;0;Windows-box;*;*;*
===========
Home come?
Environment
Windows
CA PIM12.8
CA PIM12.8
Resolution
Yes, it is correct behavior.
For TCP port number 0:
We can set only wild card(*) into host-name field in audit.cfg file.
Also, even if we set Windows-box* into host-name field in audit.cfg file, it is same as *.
So if we can set Windows-box into host-name field in audit.cfg file, the rule is not effective.
For TCP port number 0:
We can set only wild card(*) into host-name field in audit.cfg file.
Also, even if we set Windows-box* into host-name field in audit.cfg file, it is same as *.
So if we can set Windows-box into host-name field in audit.cfg file, the rule is not effective.
Feedback
Yes
No
Powered by
