CA PAM was configured to send logs to an external SYSLOG server. Most logs are sent and received by the external SYSLOG server, but some particular events were not sent. These events occurred, and cases have been opened with support to fix them. The customer asks why the LDAP and Auto-Archive error events do not appear in SYSLOG when the rest of the events are sent.
CA PAM version: 3.3.1.203
Error event messages that do not appear in the external SYSLOG but show in the PAM Client Dashboard:
PAM-CMN-0628 = An LDAP operation is in progress.
PAM-CMN-3136 = Metrics auto archive failed. Please check Settings, Credential Manager Settings, Auto-Archive.
Release : 3.3
Component : CA Privileged Access Management (CA PAM) Server
In summary, some administrative messages (such as PAM-CMN-3136 and PAM-CMN-3137) show only in the PAM Dashboard. These kinds of admin messages show only in the UI and are not forwarded to Session Logs or to an external Syslog server when one is configured.
For example, errors from auto archive and from Audit do not show in Session Logs, so they will not be forwarded to the syslog server either.
Only messages that show in session logs will be forwarded to Syslog.
Message PAM-CMN-0628 shows only in the GUI: while the LDAP importer is running, the message PAM-CMN-0628 can be seen on the PAM Dashboard.
But when the LDAP importer runs, this message does not go to the Session Log, so it is not forwarded to the syslog server.
Instead of this message, you can monitor other correlated messages in the session logs that are also forwarded to the syslog server, such as message ID PAM-CMN-0629: LDAPS connection made to <IP-address>:<port>. This message shows in the session logs and indicates that a connection to the LDAP server started.
PAM is working as designed.
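As an added example (not CA PAM code and not part of the original article), the Python below scans forwarded syslog lines for PAM-CMN-0629 events and flags alert rules keyed on message IDs that this article says never leave the dashboard. The syslog line layout, the function names and the sample lines are constructed assumptions; only the message IDs and the PAM-CMN-0629 message text come from the article.

```python
import re

# IDs this article describes as dashboard-only (never written to Session Logs or syslog).
DASHBOARD_ONLY = {"PAM-CMN-0628", "PAM-CMN-3136", "PAM-CMN-3137"}

MSG_ID = re.compile(r"\bPAM-[A-Z]+-\d{4}\b")
# PAM-CMN-0629 text as quoted in the article; host is an IPv4 address or hostname.
LDAPS_CONN = re.compile(
    r"PAM-CMN-0629\b.*?LDAPS connection made to\s+(\S+):(\d{1,5})\b"
)

def ldaps_connections(lines):
    """Return (host, port) for every PAM-CMN-0629 event found in the lines."""
    found = []
    for line in lines:
        m = LDAPS_CONN.search(line)
        if m and int(m.group(2)) <= 65535:
            found.append((m.group(1), int(m.group(2))))
    return found

def audit_watchlist(watched_ids, lines):
    """Classify each watched ID as 'seen', 'not_seen' or 'dashboard_only'."""
    seen = {mid for line in lines for mid in MSG_ID.findall(line)}
    result = {}
    for mid in watched_ids:
        if mid in DASHBOARD_ONLY:
            # A syslog-based rule on this ID can never fire; watch the dashboard instead.
            result[mid] = "dashboard_only"
        else:
            result[mid] = "seen" if mid in seen else "not_seen"
    return result

# Constructed sample lines; the real prefix depends on the PAM and collector configuration.
SAMPLE = [
    "<134>Jan 10 02:00:01 pam01 PAM: PAM-CMN-0629: LDAPS connection made to 192.0.2.10:636",
    "<134>Jan 10 02:00:07 pam01 PAM: session log entry without a message ID",
    "<134>Jan 11 02:00:02 pam01 PAM: PAM-CMN-0629: LDAPS connection made to 192.0.2.11:636",
]

if __name__ == "__main__":
    print(ldaps_connections(SAMPLE))
    print(audit_watchlist(["PAM-CMN-0628", "PAM-CMN-0629", "PAM-CMN-3136"], SAMPLE))
```

A `not_seen` result for PAM-CMN-0629 over a period when the LDAP importer was scheduled to run is the signal to check the PAM Dashboard directly.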