Syslog - CA Privileged Access Manager (PAM)

Device Details

Device Name: Syslog – CA Privileged Access Manager
Vendor: CA Technologies (BROADCOM)
Device Type: Device and Password Access Control
Supported Model Name/Number: Privileged Credential Vault
Supported Software Version: N/A
Collection Method: Syslog
Configurable Log Output: No
Log Source Type: Syslog – CA Privileged Access Manager
Log Processing Policy: LogRhythm Default
Exceptions: N/A
Additional Information: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-management-and-governance-connectors/1-0/connectors/ca-connectors/ca-privileged-access-manager.html


Prerequisites

To access CA Privileged Access Manager, you need one of the following web browsers:

  • Microsoft Internet Explorer 11 or higher

  • Mozilla Firefox

  • Apple Safari

  • Google Chrome


Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Catch All | All | <severity> |
| Cloakware Metric Messages | All | <severity>, <login>, <account>, <object>, <status>, <recipient>, <group>, <subject>, <sname>, <dname>, <sip> |
| Gatekeeper Syslog Messages | All | <severity>, <processid>, <sip>, <snatip>, <login>, <action>, <dip>, <sname>, <group>, <sport>, <protname>, <subject>, <useragent>, <policy>, <object>, <vendorinfo>, <dport>, <kilobytes>, <url>, <dname>, <domainorigin>, <tag1> |
| Gksyslog Messages | All | <severity>, <processid>, <login>, <useragent>, <domainorigin>, <sname>, <action>, <subject> |
| Logwatch Process Messages | All | <severity>, <processid>, <subject>, <action> |
| Metric Login Messages | All | <severity>, <action>, <login>, <sip>, <sname> |
| Metric Schedule Job Messages | All | <severity>, <action>, <subject>, <account>, <command>, <login>, <sip>, <sname> |
| Metric Update Password Messages | All | <severity>, <action>, <login>, <object>, <account>, <minutes> |
| Metric View Password Messages | All | <severity>, <action>, <login>, <object>, <reason>, <dname>, <command>, <account>, <sip>, <sname>, <responsecode> |
| Password Expire View Request Messages | All | <severity>, <action>, <processid>, <login>, <responsecode>, <account>, <sip>, <sname> |
| X-suite Messages | All | <severity>, <processid>, <sip>, <snatip>, <login>, <tag1>, <dip>, <sname>, <subject>, <dport>, <protname>, <object>, <status>, <minutes> |


Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.598.0 | Syslog | Documentation | Updated existing device documentation |