CA Privileged Identity Manager for Endpoint can be filtered unexpected audit record by audit filter, audit.cfg.
But TRACE event is not filter with strings in audit log.
Customer omit some log with audit.cfg.
But he cannot omit the login as following:
OS: Windows Product: CA Privileged Identity Manager all for Endpoint
It seems to be correct behavior.
Match function works in such way that it tries to match string
1. *ipconfig* OK
2. 'ipconfig* NO MATCH
3. 'ipconfig* NO MATCH
4. EXECARGS*ipconfig* NO MATCH
5. *EXECARGS*ipconfig OK
The main point here is that we have parameter in the following format:
and the filter syntax should be accordingly.
So, you set filter as following: