ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Duplicate Sessions When Keyboard Logger is Running


Article ID: 35739


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)



While keyboard logger is running, why does the finger command show two entries for one session?



When KBL is enabled it intercepts login session and additional process sits on terminal line between shell tty and connection. This process is cmdlog and this process creates additional tty shown in command "who". There is no way to avoid two lines per single login when KBL is enabled. When shell scripts performs exit / terminate the cmdlog process also terminates and cleans tty record. Killing process with forced termination kill -9 is not good idea, because it prevents graceful termination and clean up.


Additional Information:

For more information on the keyboard logger, please see our Implementation Guide.




Release: ACP1M005900-12.6-Privileged Identity Manager