UIM 20.3.x - Auditing Operator Console logins

book

Article ID: 205830

calendar_today

Updated On:

Products

CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) NIMSOFT PROBES DX Infrastructure Management

Issue/Introduction

We upgraded to the latest version, UIM v20.3.2 where UMP was replaced by the Operator Console (OC). Our security team would like to monitor external user sign-ins to the portal. Is there a way to collect audit logs from Operator Console that shows sign ins with timestamps of Account Users and Bus users and maybe even source IP?

Also is there a quick way to see last logon date of account users?

We found the KB article:

UIM - UMP User Activity Report - https://knowledge.broadcom.com/external/article/34331 

Which listed two sql-tables which shows last logon date of Account users. These would meet our requirements, but umpSession and User_ tables have been used only by Liferay and they are not used or updated anymore after the OC update. Are there equivalent sql tables on UIM 20.3?

Cause

- Liferay is no longer being used in UIM 20.3x

Environment

Release : UIM 20.3

Component : UNIFIED INFRASTRUCTURE MGMT

Resolution

As of now, there isn't any easy straightforward method to track user activity/login as of 20.3.

In 20.3.x, the User_ table is now the CM_User_ table. It works similarly, the entries in this table are created each time any user (nimbus user or account user) log into OC for the first time. However, the loginDate and lastLoginDate fields are not attributes in the new table. 

The alternative is monitoring the wasp.log with logmon for OC logins as described in the KB:

UMP login / logout and admin functions performed auditing
https://knowledge.broadcom.com/external/article?articleId=192935

Although the KB still references UMP, the wasp.log still logs the logging attempts.

Examples:

Administrator logs into OC --> 

Wasp.log:

Dec 23 12:36:13:261 DEBUG [http-nio-80-exec-17, com.firehunter.ump.auth.NmsAuth] Login from request user {userId=10159, screenName=administrator, [email protected], locale=en_US, firstName=administrator, middleName=null, lastName=} 
Dec 23 12:36:13:403 DEBUG [http-nio-80-exec-17, com.firehunter.ump.auth.NmsAuth] User prin [email protected]cf24917(administrator) found for 10159 

Account user logs in:  (ipxxxxx)

Wasp.log

Dec 23 12:45:47:211 DEBUG [http-nio-80-exec-12, com.nimsoft.nimbus.probe.service.wasp.db.DbPreparedStatement] Query pNJt took: 0.001s 
Dec 23 12:45:47:211 DEBUG [http-nio-80-exec-12, com.nimsoft.nimbus.probe.service.wasp.auth.LoginModule] ippma03 logged in. 
Dec 23 12:45:47:211 DEBUG [http-nio-80-exec-12, com.firehunter.ump.auth.NmsAuth] User: ipxxxxx, NimBUS login milliseconds: 129 
Dec 23 12:45:47:215 DEBUG [http-nio-80-exec-12, com.firehunter.ump.auth.NmsAuth] Login from request user {userId=10161, screenName=ipxxxxx, [email protected], locale=en_US, firstName=dicjiod, middleName=null, lastName=dsmopc} 

Additional Information

Related KB's:

UIM - UMP User Activity Report
https://knowledge.broadcom.com/external/article/34331

UMP login / logout and admin functions performed auditing
https://knowledge.broadcom.com/external/article?articleId=192935