Can SYSLOG logs that were send at an earlier date to a Splunk server be recovered through PAM UI?

search cancel

Can SYSLOG logs that were send at an earlier date to a Splunk server be recovered through PAM UI?

book

Article ID: 258158

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Can SYSLOG logs that were send at an earlier date to a Splunk server be recovered through PAM UI?

Environment

Release : All supported PAM versions

Cause

Customer's Splunk server related disk was full when PAM forwarded the Syslog data to Splunk. The syslogs were not captured at Splunk.

Resolution

1. The PAM session logs (that are forwarded via syslog) will still have the most important messages.. (Note that PAM session logs can be retrieved via PAM UI ---Sessions>log)

2. Some syslog forwarded messages would not be available through PAM GUI since syslog sends other information

Additional Information

None.

Feedback

thumb_up Yes

thumb_down No