Duplicate Sessions When Keyboard Logger is Running

book

Article ID: 35739

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Question:

While keyboard logger is running, why does the finger command show two entries for one session?

 

Answer:

When KBL is enabled it intercepts login session and additional process sits on terminal line between shell tty and connection. This process is cmdlog and this process creates additional tty shown in command "who". There is no way to avoid two lines per single login when KBL is enabled. When shell scripts performs exit / terminate the cmdlog process also terminates and cleans tty record. Killing process with forced termination kill -9 is not good idea, because it prevents graceful termination and clean up.

 

Additional Information:

For more information on the keyboard logger, please see our Implementation Guide.

https://docops.ca.com/cminder/12-9/EN/reference/reference-guide/services-and-daemons-in-detail/kblaudmgr-daemon-session-logging

 

 

Environment

Release: ACP1M005900-12.6-Privileged Identity Manager
Component: