After installation PAMSC 14.1 CP02, customer login system via SSH. But LOGIN event does not appear in audit log.
The problem is 64 bit-specific and appeared only recently because now a 64-bit sshd is used on Solaris.
OS: Solaris 11.4
Product: Symantec Privileged Access Manager Server Control 14.1 CP2
Change from PAMlogin to none at loginflags and loginseq(SGRP SEID) as following selang command:
PAMSC> er LOGINAPPL LIB_SSH loginflags(none) loginseq(SGRP SEID)
If loginseq does not change at change on loginflags, it appears 2 LOGIN event. One is correct user and the other is root.
And then, this environment does not catch failed login. So, serevu does not work.