Event Details
User Activity->Privilege Use->Shared Password Requests (TPAM)->Password: Approved
Password: Approved
 Sample:
Feb 15 17:42:23 10.30.44.209 PAR[2688]: UserName: tpamsm Operation: Approved ObjectType: Password Target: dimalinux/yksm Role: NoRole Failed? 0
Log Type: Generic Syslog
 Uniquely Identified By:
OS Type: Any
Filtering RegExp: ^(.{15}) ([-[:alnum:]_.]+) ([^():]+)(\([^[]+\)){0,1}(\[[0-9]+\]){0,1}: (UserName: (.*) Operation: (.*) ObjectType: (.*) Target: (.*) Role: (.*[^])[]* Failed\? (.*))
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. UserName Feb 15 17:42:23
Who Account or user name under which the activity occured. - tpamsm
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "Password was approved" Password was approved
Where The name of the workstation/server where the activity was logged. - 10.30.44.209
Where From The name of the workstation/server where the activity was initiated from. -
Severity Specify the seriousness of the event. -
WhoDomain -
WhereDomain -
UserName TPAM user account initiating event. - tpamsm
Operation Type of action - Approved
ObjectType Type of the object on which action is taken. - Password
Target Name of the object on which action is taken. - dimalinux/yksm
Role Permission type - NoRole
Failed Result of execution (0 - true, 1 - false) - 0
Comments
You must be logged in to comment