search cancel

Can SYSLOG logs that were send at an earlier date to a Splunk server be recovered through PAM UI?

book

Article ID: 258158

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Can SYSLOG logs that were send at an earlier date to a Splunk server be recovered through PAM UI?

 

Environment

Release : All supported PAM versions

Cause

Customer's Splunk server related disk was full when PAM forwarded the Syslog data to Splunk. The syslogs were not captured at Splunk.

Resolution

1. The PAM  session logs (that are forwarded via syslog)  will still have the most important messages.. (Note that PAM session logs can be retrieved via PAM UI ---Sessions>log)

2. Some syslog forwarded messages would not be available through PAM GUI since syslog sends other information 

Additional Information

None.