How does PIM Endpoint resolves IP to hostname in audit log?
search cancel

How does PIM Endpoint resolves IP to hostname in audit log?

book

Article ID: 248887

calendar_today

Updated On:

Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Sometimes when we run seaudit there are IPs that are not resolved to the hostnames.

How does PIM Endpoint resolves IP to hostname in audit log?

Environment

Release : 12.8

Component : CA ControlMinder - Unix

Resolution

There are 2 use cases how PIM resolves IP to hostname.
 1. When PIM checks the rule
 2. When user runs seaudit command

At the first use case, IP addresses are resolved to hostname by utilizing LADB (lookaside database) and also system call if osuser_enabled=yes is set in seos.ini. Please refer below documentation for more about lookaside database.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-identity-manager/12-8-01/reference/utilities/sebuildla-utility-create-a-lookaside-database.html

At the 2nd use case, PIM will resolve using system call. So, when system cannot resolve the IP address, seaudit command may show IP address only.

Powered by Wolken Software