Event Details
Operating System->TPAM (draft)->User activity->Session: Start Session
Session: Start Session
Session start.

Module: Privileged Session Manager
 Sample: 
Feb 25 16:48:00 10.30.44.209 PAR[8916]: UserName: dimaad Operation: Start Session ObjectType: Session Target: dimalinux/yksm Role: Requestor Failed? 1
Log Type: Generic Syslog
 Uniquely Identified By:
OS Type: Any
Filtering RegExp: ^(.{15}) ([-[:alnum:]_.]+) ([^():]+)(\([^[]+\)){0,1}(\[[0-9]+\]){0,1}: (UserName: (.*) Operation: (.*) ObjectType: (.*) Target: (.*) Role: (.*[^])[]* Failed\? (.*))
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. DateTime Feb 25 16:48:00
Source Name of system type origination the event. "TPAMCONSOLE" TPAMCONSOLE
Computer Name / IP address of the host that originally generated the message. Computer 10.30.44.209
Description The entire unparsed event message. RegExpGroup7
UserName TPAM user account initiating event. - dimaad
Operation Type of action. - Start Session
ObjectType Type of the object on which action is taken. - Session
Target Name of the object on which action is taken. - dimalinux/yksm
Role Permission type - Requestor
Failed Result of execution (0 - true, 1 - false) - 1
Comments
You must be logged in to comment