How can I track when and who made changes to the PAM server configuration?

book

Article ID: 130882

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

For auditing reasons, we may need to store information on when and who made some changes to the PAM server configuration, for later review.

How can I track when and who made changes to the PAM server configuration?

Environment

Any version of PAM Server.

Resolution

Regarding the audit capabilities on the PAM server configuration changes, most of these changes are registered in the 'Session Logs'.
For instance, in my test system I have changed the NTP server and the Trap Community.
In the session logs I could see lines like:
...
PAM-CM-0426: SNMP trap configuration saved successfully. Trap Community: xxxx.
PAM-CM-0354: Updated Time Servers. Synchronize at boot: Enabled, Servers: [nnn.nnn.nnn.nnn].

...
And double clicking on these messages, a windows opens with additional data like 'Date/Time', 'User Name', 'Transaction', 'Private Address', 'Public Address', 'Port', Applet', 'Service', 'Taget Account', etc which are filled with data or not, depending on the nature of the message.


Additional Information

Probably, not all the events are tracked, so feel free to open an idea in the PAM Communities to request the inclusion of the ones you may be missing.

Attachments