CA PAM after version 3.4.3 enables a feature to run sftp/scp file transfers vial the SSH proxy, and when this feature is used, session recording is not activated. Where can I find the details for these transactions?
Release : 3.4.3 and higher
Component : PRIVILEGED ACCESS MANAGEMENT
The scp and sftp transactions are single commands sent to the target device. There would be no need to record a session like we do for a SSH session so these actions are simply recorded in the session logs and syslog outputs
The following are samples of what is recorded for SCP / SFTP actions
PAM-PRX-0078="Downloaded {0} ({1}) as {2}”
PAM-PRX-0079=“Uploaded {0} ({1}) as {2}”
PAM-PRX-0080=“Deleted {0} as {1}”
PAM-PRX-0081=“Renamed {0} to {1} as{2}”
PAM-PRX-0082=“Created new directory {0} as {1}”
PAM-PRX-0083="Removed directory {0} as {1}”
Downloaded home/sshtest/scp-test/size-1048576.dat (1024.0 KB) as sshtest
Uploaded home/sshtest/scp-test/16B.txt (16 B) as sshtest
Deleted home/sshtest/scp-test/size-1048576.dat as sshtest
Renamed /home/sshtest/scp-test/size-256k-262144.dat to /home/sshtest/scp-test/size-256k.dat as sshtest
Created new directory home/sshtest/scp-test/test-folder as sshtest
Removed directory home/sshtest/scp-test/test-folder as sshtest