logout audit log after restarting CA Privileged Identity Manager
search cancel

logout audit log after restarting CA Privileged Identity Manager


Article ID: 45024


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)


Is logout log recorded for the user who logged in before CA Privileged Identity Manager (PIM) restart and logged out after PIM restart?


Component: SEOSU


The logout log for normal user is recorded but not for root.
When PIM starts, it detects executing processes and its execution user, and detects logged-in user. So the logged-in user who logged in before restart is detected. As logged-in user is detected, logout log for the user will be recorded.
However, as PIM cannot distinguish different root sessions, all processes of root uid gain the same ACEE (accessor element) handle. On the one hand, PIM detects logout when last process of that handle terminates. When one root session terminates, there are still many root processes running with the same ACEE handle. From PIM point of view, when one connection of root terminates, there are still running other processes of the same user root and PIM does not record logout log.