Trying to understand how to trap TSO Logon - Logoff events? Tried with System access events related to ESM signon and signoff but CEM triggers multiple signon events for a single Logon or Logoff action. Is this normal? How can we trap just one?
Release : 6.0
Component : CA COMPLIANCE EVENT MANAGER
For Event-based monitor policy statements with Signon, Successful Signon, and Signoff checked, CEM will get all the events that are associated to those events.
Some actions are not one-to-one.
For example, Signon may generate multiple racroute verify calls. In that case, CEM will return all events associated.