ca pam logs sent to SYSLOG not appear

book

Article ID: 212179

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

CA PAM was configured to send logs to external SYSLOG, most of the logs are sent and received by External SYSLOG, but there are some particular events that were not sent, these events occurred and cases have been opened to support to fix them. The customer asks why the LDAP and Auto-Archive errors events do not appear in the SYSLOG? when the rest of the events are sent?

CA PAM version: 3.3.1.203

Error event messages not appearing in External SYSLOG but shows in PAM Client Dashboard:

PAM-CMN-0628 = An LDAP operation is in progress.

PAM-CMN-3136 = Metrics auto archive failed. Please check Settings, Credential Manager Settings, Auto-Archive.

PAM-CMN-3137 = Audit Log auto archive failed. Please check Settings, Credential Manager Settings, Auto-Archive. 
 
 
 

Cause

In summary some Administrative messages as (PAM-CMN-3136 and PAM-CMN-3137)  shows only in PAM Dashboard. These kind of Admin messages only shows in UI and will not be forwarded to Session Logs neither external Syslog when configured.

Environment

Release : 3.3

Component : CA LDAP Server

Resolution

In summary some Administrative messages as (PAM-CMN-3136 and PAM-CMN-3137)  shows only in PAM Dashboard. These kind of Admin messages only shows in UI and will not be forwarded to Session Logs neither external Syslog when configured.

For example, when auto archive had errors and when Audit had errors and don't shows in Session Logs. So they will not be forwarded also to syslog server.

Only messages that show in session logs will be forwarded to Syslog.

Message as PAM-CMN-0628 and this shows in GUI only when we are running ldap importer and go to Dashboard of PAM we can see the message PAM-CMN-0628.

But when ldap importer run this does not go to Session Log, so this is not forwarded to syslog server.

In place of this message you can monitor other correlated messages  in session logs that also will show  syslog server the message with id  PAM-CMN-0629: LDAPS connection made to <IP-adress>:<port>. This message shows in session logs indicating that connection to ldapserver started

PAM is working as designed.