Symantec Privileged Access Management

Where Can I see logs related to Password management.

Use cases :

1)User logs in to pam and retrieve password via access page.

2) PAM administrator(Global Administrator) : Views the password via Password managment GUI->>Target Account-->Clicking on eye icon to view the password.

3) Logs generated by Creating/Modifying PCP.

4) Logs generated Creating/Modifying PVP.

There are lot of logs which gets generated by are not visible under Session logs and are not part of syslog messages.

Kindly Advise.

Hi Shaik

The Pasword Management logs correspond to the TomCat component of CA PAM

If you go to Diagnostics and set the Tomcat logs to Debug of Finest, then reproduce your problem and you download the tomcat logs, you may have some information

Other than that and the reports there is no other log you can get

Hi Shaik,

Miquel mentioned Reports. Specifically, your items 1 and 2 would be covered by the "View Password Requests" report and items 3 and 4 by the "Administrative Activities" report. The contents is lacking details though. Also, there are changes to the syslog contents in CA PAM 2.7. I assume you were checking on this using 2.6. If you integrate a syslog server with CA PAM 2.7, you should find entries in the syslogs related to all these activities, and they contain more details than what you see in the reports.

Regards,

Ralf

Hi Ralf,

This is just what I wanted to hear, I am aware of the reporting functionality but I wanted the same logs to be available via Syslog  messages, So that I can do a correlation in the SIEM and generate some events out of it.

Do we have any document like which messages are sent as syslog messages to syslog servers.

Not yet, but there is an idea open for it already, https://communities.ca.com/ideas/235732150, and it's coming. You can add your vote/comment to the existing idea.

Oops, just noticed that you added a comment to that already ...