Event Details
User Activity->Privilege Use->Privilege Sessions (TPAM)->Session/Password: Approved
Session/Password: Approved
 Sample: 
Feb 26 17:18:26 10.30.44.209 PAR[3896]: UserName: dimaad Operation: Approved ObjectType: Session/Password Target: dimalinux/yksm Role: NoRole Failed? 0
Log Type: Generic Syslog
 Uniquely Identified By:
OS Type: Any
Filtering RegExp: ^(.{15}) ([-[:alnum:]_.]+) ([^():]+)(\([^[]+\)){0,1}(\[[0-9]+\]){0,1}: (UserName: (.*) Operation: (.*) ObjectType: (.*) Target: (.*) Role: (.*[^])[]* Failed\? (.*))
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime Feb 26 17:18:26
Who Account or user name under which the activity occured. UserName dimaad
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "Password was approved for session." Password was approved for session.
Where The name of the workstation/server where the activity was logged. Computer 10.30.44.209
Where From The name of the workstation/server where the activity was initiated from. -
Severity Specify the seriousness of the event. -
WhoDomain -
WhereDomain -
UserName TPAM user account initiating event. - dimaad
Operation Type of action - Approved
ObjectType Type of the object on which action is taken. - Session/Password
Target Name of the object on which action is taken. - dimalinux/yksm
Role Permission type - NoRole
Failed Result of execution (0 - true, 1 - false) - 0
Comments
You must be logged in to comment