The ENTM in CA PIM 12.X has the option to forward Access Control (AC) and UNAB events.

In particular, in the ENTM console accessing System -> CA User Activity Reporting -> Manage Audit Forwarder, it is possible to define a machine with a remote syslog that will pick up the log events

The present article discusses how this can be achieved for PAM SC 14.X

Release :

Component : PAMSC 14.1

Only CA PIM 14 can communicate with the 12.x agents since it includes the tibco bridge. PAM SC releases do not have the bridge, which means no audit events from  older endpoint versions 12.8.x or 12.9.x can be sent to PAM SC 14.X. Besides, CA PAMSC 14.x does not have an event forwarder implementation, so it is not possible to configure a syslog server in PAM SC 14.X ENTM for the events in CEF format to be forwarded to.

One possible option in this case is to take the log files directly and use them as required.

To do this, the log file is stored in the following paths:

For PAMSC 14.1 we log at - <WILDFLY_HOME>\log\CM_events.log
For PAMSC 14.0 we log at - <JBOSS_HOME>\log\CM_events.log

This is only valid for CA PAMSC as any CA PIM version already has the event_forwarder service.