How to check if CA PAM is sending logs over to the syslog port
search cancel

How to check if CA PAM is sending logs over to the syslog port


Article ID: 276416


Updated On:


CA Privileged Access Manager (PAM)


CA PAM is configured to forward syslogs to the syslog server configured in the environment.

But for some reason the syslogs from CA PAM stop reaching the designated syslog server, how can we know if CA PAM is sending information across the port configured for syslog collection, generally 514 (default syslog port)


All supported versions of CA PAM


This article demonstrates how to verify the flow of data over port 514


1) Connect with Broadcom support team
2) Get the SSH Debug Patch
3) Get the tcpdump patch file
4) Deploy the SSH Debug patch as well as the tcpdump patch file
5) Make sure that suslog server is configured in CA PAM
6) Connect using Putty to the CA PAM server
7) In the command terminal execute the tcpdump command to view the traffic flow

# tcpdump -i any -any -s 0 -v port 514

Note: If the suyslog collection server is using a different port than 514, replace port 514 with the port that is being used.

This would display the traffic that is flowing over the port 514.

Try changing the syslog server protocol in CA PAM from UDP to TCP as well and check.


Additional Information

How can I tell if CA PAM is writing messages to syslog properly?

PAM Syslog Not collected.