How can we monitor the access log of IM?
Is it possible to Audit Operator Console login attempts in the Infrastructure Manager (IM)?
All attempts to log into the IM are logged in the hub.log.
(Active monitoring of the login activity can be achieved using the logmon probe.)
Tested on UIM 20.4 OC CU8: hub.log from primary hub (log level 3):
NOTE: In the example below LDAP authentication is enabled, so the hub always tries to authenticate against the AD server first. Here the AD login fails, and the hub then looks the user up among the native Nimbus users.
The request comes in from the hub's own IP address and asks the hub to authenticate the Nimbus user. Note that the login lines record the IP address of the host where the Infrastructure Manager is running (<IP_ADDRESS_OF_THE_INFRASTRUCTURE_MANAGER_USED_TO_LOG_IN>).
Sep 8 11:14:13:021 [32208] 2 hub: login from ctrl <IP_ADDRESS_OF_THE_PRIMARY_HUB>/63635
Sep 8 11:14:13:024 [32208] 3 hub: expand_vars Size=666
Sep 8 11:14:13:024 [32208] 3 hub: host PDS_PCH 14 xxxxx
Sep 8 11:14:13:024 [32208] 3 hub: base PDS_PCH 17 DC=xxxxx,DC=com
Sep 8 11:14:13:024 [32208] 3 hub: user_base PDS_PCH 17 DC=xxxxx,DC=com
Sep 8 11:14:13:024 [32208] 3 hub: domain PDS_PCH 11 xxxxx.com
Sep 8 11:14:13:024 [32208] 3 hub: attr_grp_name PDS_PCH 5 name
Sep 8 11:14:13:024 [32208] 3 hub: attr_grp_member_name PDS_PCH 7 member
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_firstname PDS_PCH 10 givenName
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_lastname PDS_PCH 3 sn
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_mail PDS_PCH 5 mail
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_www PDS_PCH 12 wWWHomePage
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_phone PDS_PCH 16 telephoneNumber
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_cellphone PDS_PCH 7 mobile
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_office PDS_PCH 27 physicalDeliveryOfficeName
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_company PDS_PCH 8 company
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_title PDS_PCH 6 title
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_department PDS_PCH 11 department
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_description PDS_PCH 12 description
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_restrict_view PDS_PCH 25 restrictViewToUserAssets
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_name PDS_PCH 12 displayName
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_id PDS_PCH 18 userPrincipalName
Sep 8 11:14:13:024 [32208] 3 hub: attr_usr_member_of PDS_PCH 9 memberOf
Sep 8 11:14:13:024 [32208] 3 hub: (nim_ldap_get_connection): successful contact with LDAP server 'xxxxxxx', secure=0
Sep 8 11:14:13:026 [32208] 0 hub: (nim_ldap_query) ldap_search_ext_s(base:=DC=xxxxx,DC=com scope:=LDAP_SCOPE_SUBTREE filter:=(|($userPrincipalName=<NimBUSuser>@example.com)(userPrincipalName=<NimBUSuser>@example.com)) attrs:=userPrincipalName, memberOf, name
Sep 8 11:14:13:027 [32208] 3 hub: (nim_ldap_query) ldap_search_ext_s: LDAP_SUCCESS
Sep 8 11:14:13:027 [32208] 3 hub: (nim_ldap_query) entries count:= 0, paging results:=no
Sep 8 11:14:13:027 [32208] 3 hub: login [LDAP] - basic login took 5 ms
Sep 8 11:14:13:027 [32208] 0 hub: login [LDAP] - (logon_user) 0 user found for (|($userPrincipalName=<NimBUSuser>@example.com)(userPrincipalName=<NimBUSuser>@example.com)), do not know which to use.
Sep 8 11:14:13:270 [49344] 3 hub: Received heartbeat on queue route 'qosremote'
Sep 8 11:14:13:270 [49344] 3 hub: Received heartbeat on queue route 'probe_discovery_get'
Sep 8 11:14:13:285 [32208] 3 hub: login [NimBUS] - success for user=<NimBUSuser> ip=<IP_ADDRESS_OF_THE_INFRASTRUCTURE_MANAGER_USED_TO_LOG_IN>
Sep 8 11:14:13:285 [32208] 1 hub: login - user=<NimBUSuser> permissions=super ip=<IP_ADDRESS_OF_THE_INFRASTRUCTURE_MANAGER_USED_TO_LOG_IN>
Sep 8 11:14:13:285 [32208] 1 hub: Login: succeeded for <NimBUSuser>, ip = <IP_ADDRESS_OF_THE_INFRASTRUCTURE_MANAGER_USED_TO_LOG_IN>
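As an added example (not part of the original article or of UIM itself), the following Python code extracts successful logins from hub.log lines in the format shown above, marks those that fell through from LDAP to the native Nimbus users on the same thread, and lists logins from source IPs outside an approved set. The sample lines, user names, IP addresses and the allowlist are constructed, and the code assumes the hub log level used above.

```python
import re

# Prefix of every hub.log line, e.g. "Sep 8 11:14:13:285 [32208] 1 hub: "
PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \[(?P<tid>\d+)\] \d hub: "
LDAP_MISS = re.compile(PREFIX + r"login \[LDAP\] - \(logon_user\) 0 user found")
SUCCESS = re.compile(PREFIX + r"login \[(?P<backend>\w+)\] - success for "
                     r"user=(?P<user>\S+) ip=(?P<ip>\S+)")
PERMS = re.compile(PREFIX + r"login - user=(?P<user>\S+) "
                   r"permissions=(?P<perms>\S+) ip=(?P<ip>\S+)")


def parse_logins(lines):
    """Return one dict per successful login found in hub.log lines."""
    events, ldap_missed, last = [], set(), {}
    for line in lines:
        if m := LDAP_MISS.match(line):
            ldap_missed.add(m["tid"])      # LDAP search returned no user
        elif m := SUCCESS.match(line):
            ev = {"ts": m["ts"], "user": m["user"], "ip": m["ip"],
                  "backend": m["backend"], "permissions": None,
                  # True when this thread tried LDAP first and found nothing
                  "ldap_fallback": m["tid"] in ldap_missed}
            ldap_missed.discard(m["tid"])  # thread ids are reused
            last[m["tid"]] = ev
            events.append(ev)
        elif (m := PERMS.match(line)) and m["tid"] in last:
            ev = last.pop(m["tid"])
            if (ev["user"], ev["ip"]) == (m["user"], m["ip"]):
                ev["permissions"] = m["perms"]
    return events


def unexpected_sources(events, allowed_ips):
    """Logins whose source IP is not in the approved set (an assumption)."""
    return [e for e in events if e["ip"] not in allowed_ips]


# Constructed sample lines in the format of the excerpt above.
SAMPLE = [
    "Sep 8 11:14:13:027 [32208] 0 hub: login [LDAP] - (logon_user) 0 user found for (|($userPrincipalName=opsadmin@example.com)(userPrincipalName=opsadmin@example.com)), do not know which to use.",
    "Sep 8 11:14:13:270 [49344] 3 hub: Received heartbeat on queue route 'qosremote'",
    "Sep 8 11:14:13:285 [32208] 3 hub: login [NimBUS] - success for user=opsadmin ip=192.0.2.10",
    "Sep 8 11:14:13:285 [32208] 1 hub: login - user=opsadmin permissions=super ip=192.0.2.10",
    "Sep 8 11:20:41:102 [40112] 3 hub: login [NimBUS] - success for user=operator1 ip=198.51.100.7",
    "Sep 8 11:20:41:102 [40112] 1 hub: login - user=operator1 permissions=super ip=198.51.100.7",
]
```

The same three patterns can serve as a starting point for logmon watcher expressions; a failed-login line is not shown in the excerpt, so none is matched here.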