Compliance Event Manager r6 not trapping LOG=NONE security calls

book

Article ID: 127544

calendar_today

Updated On:

Products

CA Compliance Event Manager

Issue/Introduction

I have two policies in CEM in this order 

1. Capture all SIGNON and OBJECT ACCESS VIOLATIONS with condition LOG=NONE - confirmed that multiple other unrelated are captured 

2. Capture all SIGNON and OBJECT ACCESS VIOLATIONS (no conditions) - confirmed that violations are captured reliably 

Traced the violation on SDSF resource when I try to view DDs in S.DA. This event is NOT captured by CEM via policy in (1.) but it IS captured by policy in (2.) which would seem to indicated that it is not a LOG=NONE event. This event as is NOT on a TSSUTIL report which seems to confirm that it is of type with LOG= that does not get sent to AUDIT tracking file. 

 

Environment

Release:
Component: CEVM

Resolution

SO06184