Compliance Event Manager r6 not trapping LOG=NONE security calls
Article ID: 127544
CA Compliance Event Manager
I have two policies in CEM in this order
1. Capture all SIGNON and OBJECT ACCESS VIOLATIONS with condition LOG=NONE - confirmed that multiple other unrelated are captured
2. Capture all SIGNON and OBJECT ACCESS VIOLATIONS (no conditions) - confirmed that violations are captured reliably
Traced the violation on SDSF resource when I try to view DDs in S.DA. This event is NOT captured by CEM via policy in (1.) but it IS captured by policy in (2.) which would seem to indicated that it is not a LOG=NONE event. This event as is NOT on a TSSUTIL report which seems to confirm that it is of type with LOG= that does not get sent to AUDIT tracking file.