How can I track when and who made changes to the PAM server configuration?
Article ID: 130882
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
For auditing reasons, we may need to store information on when and who made some changes to the PAM server configuration, for later review.
How can I track when and who made changes to the PAM server configuration?
How can I track when and who made changes to the PAM server configuration?
Environment
Any version of PAM Server.
Resolution
Regarding the audit capabilities on the PAM server configuration changes, most of these changes are registered in the 'Session Logs'.
For instance, in my test system I have changed the NTP server and the Trap Community.
In the session logs I could see lines like:
...
PAM-CM-0426: SNMP trap configuration saved successfully. Trap Community: xxxx.
PAM-CM-0354: Updated Time Servers. Synchronize at boot: Enabled, Servers: [nnn.nnn.nnn.nnn].
...
And double clicking on these messages, a windows opens with additional data like 'Date/Time', 'User Name', 'Transaction', 'Private Address', 'Public Address', 'Port', Applet', 'Service', 'Taget Account', etc which are filled with data or not, depending on the nature of the message.
For instance, in my test system I have changed the NTP server and the Trap Community.
In the session logs I could see lines like:
...
PAM-CM-0426: SNMP trap configuration saved successfully. Trap Community: xxxx.
PAM-CM-0354: Updated Time Servers. Synchronize at boot: Enabled, Servers: [nnn.nnn.nnn.nnn].
...
And double clicking on these messages, a windows opens with additional data like 'Date/Time', 'User Name', 'Transaction', 'Private Address', 'Public Address', 'Port', Applet', 'Service', 'Taget Account', etc which are filled with data or not, depending on the nature of the message.
Additional Information
Probably, not all the events are tracked, so feel free to open an idea in the PAM Communities to request the inclusion of the ones you may be missing.
Feedback
Yes
No
Powered by
