Symantec Privileged Access Management


Is it possible to send a notification to an administrator when another administrator is reviewing the logs?

  • 1.  Is it possible to send a notification to an administrator when another administrator is reviewing the logs?

    Posted Aug 08, 2017 05:18 PM

    Is it possible to send a notification to an administrator when another administrator is reviewing the logs?



  • 2.  Re: Is it possible to send a notification to an administrator when another administrator is reviewing the logs?
    Best Answer

    Broadcom Employee
    Posted Aug 09, 2017 10:20 AM

    Hello Adolfo, There is no direct configuration in CA PAM, but you can achieve this through the syslog integration. Most session log messages, including the "Log records viewed" messages, are sent to the syslog server that is configured on the Config > Logs page. This includes the name of the user who viewed the logs. You can then configure an email action on your syslog server when such a message is received. Here is an example message (actual IP addresses replaced with mask):

     

    2017-08-09T10:10:20.238592-04:00 xceedium.com gkpsyslog[21291]: Private IP: ***.***.***.***, Public IP: ***.***.***.***, Nat/Proxy IP: ***.***.***.***, User: super, Transaction: admin, Address: - -, Device Name: - -, User Group: testgroup, localg1, localg2, localg3, Port: - -, Access/Protocol: - -, Service/App: - -, Details: Log records viewed
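
The syslog-side check described in the answer above, as an added example that is not part of the original post or of CA PAM: it parses `gkpsyslog` lines in the format of the sample message and builds an e-mail when the Details field is "Log records viewed". The function names and e-mail addresses are assumptions, and the field list is taken only from the sample message.

```python
import re
from email.message import EmailMessage

# Field labels as they appear in the sample message in the post.
FIELDS = ["Private IP", "Public IP", "Nat/Proxy IP", "User Group", "User",
          "Transaction", "Address", "Device Name", "Port",
          "Access/Protocol", "Service/App", "Details"]
HEADER = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) gkpsyslog\[\d+\]: (?P<body>.*)$")
# Split on known labels only: "User Group" values contain ", " themselves.
LABEL = re.compile(r"(?:^|, )(" + "|".join(map(re.escape, FIELDS)) + r"): ")

def parse_pam_line(line):
    """Return a dict of fields for a gkpsyslog line, or None if it is not one."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    body, rec = m["body"], {"ts": m["ts"], "host": m["host"]}
    labels = list(LABEL.finditer(body))
    for cur, nxt in zip(labels, labels[1:] + [None]):
        end = nxt.start() if nxt else len(body)
        rec.setdefault(cur.group(1), body[cur.end():end])
    return rec

def log_view_alert(line, mail_from, mail_to):
    """Build (not send) an e-mail for a "Log records viewed" event, else None."""
    rec = parse_pam_line(line)
    if not rec or rec.get("Details") != "Log records viewed":
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = mail_from, mail_to
    msg["Subject"] = f"PAM log records viewed by {rec.get('User', 'unknown')}"
    msg.set_content(f"Time: {rec['ts']}\nAppliance: {rec['host']}\n"
                    f"User groups: {rec.get('User Group', '-')}\n")
    return msg  # pass to smtplib.SMTP(...).send_message(msg) to deliver

# Sample input: the message from the post, plus two constructed lines.
PAGE_LINE = (
    "2017-08-09T10:10:20.238592-04:00 xceedium.com gkpsyslog[21291]: "
    "Private IP: ***.***.***.***, Public IP: ***.***.***.***, "
    "Nat/Proxy IP: ***.***.***.***, User: super, Transaction: admin, "
    "Address: - -, Device Name: - -, "
    "User Group: testgroup, localg1, localg2, localg3, "
    "Port: - -, Access/Protocol: - -, Service/App: - -, Details: Log records viewed")
SAMPLE = [
    PAGE_LINE,
    PAGE_LINE.replace("Log records viewed", "constructed other event"),
    "2017-08-09T10:11:00-04:00 host.example sshd[100]: constructed non-PAM line",
]
```

Excluding the account of the administrator who receives the alert is a filter on the parsed `User` field before the message is built.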



  • 3.  Re: Is it possible to send a notification to an administrator when another administrator is reviewing the logs?

    Posted Aug 09, 2017 03:12 PM

    Thank you, very useful!