Keystroke logs are related to events. When you run a command, such as sudo whoami, the policy server either accepts or rejects the command based on the rules in the policy. When the policy server accepts the command, it creates an event and a corresponding keystroke log. If it rejects the event, it does not create a keystroke log. In order to view a keystroke log, you must first list events.
Note: To record and replay keystroke logs, you must log in either as the supervisor or an Active Directory account with rights to audit the policy file; that is, an account in the Audit Sudo Policy or Audit PM Policy role.
To list events and replay keystroke logs
From the management console, navigate to Policy | Event Logs.
Note: You can also access Event Logs from these context menus:
Select options in the search controls on the Find Event Logs pane, and click Find.
For example, you can search for all events logged for a particular user, or all events logged on a particular host, or you can find events logged during a specific date and time.
Note: Host names may appear in the event logs and keystroke log files in either format. To ensure you match a host name, when you specify host name search criteria, use the short host name format with an asterisk wild card (myhost*).
For example, you can find events that pertain to the usage of a specific command or content of the command output.
Click the Replay keystroke log button next to a listed event to load the log for replay.
A Replay Log tab displays.
Click the Play button to replay the log.
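The host name note in the search step above can be checked against exported event data. The following is an added example, not part of the product or its documentation. It assumes the two host name formats are the short and fully qualified forms and that the asterisk behaves like a shell-style glob. The records are constructed. It shows that an exact short name misses fully qualified entries, that `myhost*` also matches similarly named hosts, and how to narrow the result to one host when preparing audit evidence.

```python
"""Added example: host name matching over exported event records."""
from fnmatch import fnmatchcase

# Constructed sample records (user, host, command); not real console output.
EVENTS = [
    ("alice", "myhost", "sudo whoami"),
    ("alice", "myhost.example.com", "sudo id"),
    ("bob", "MYHOST.example.com", "sudo ls /root"),
    ("bob", "myhost2.example.com", "sudo whoami"),
    ("carol", "otherhost", "sudo whoami"),
]


def search(pattern, events=EVENTS):
    """Return events whose host matches a glob pattern, ignoring case.

    Assumption: the console's asterisk behaves like a shell-style glob.
    """
    pat = pattern.lower()
    return [e for e in events if fnmatchcase(e[1].lower(), pat)]


def short_name(host):
    """Reduce a short or fully qualified host name to its first DNS label."""
    return host.lower().rstrip(".").split(".", 1)[0]


def events_for_host(short, events=EVENTS):
    """Wildcard search, then keep only records for exactly this host."""
    hits = search(short + "*", events)
    return [e for e in hits if short_name(e[1]) == short.lower()]


if __name__ == "__main__":
    print("exact   :", [e[1] for e in search("myhost")])
    print("wildcard:", [e[1] for e in search("myhost*")])
    print("narrowed:", [e[1] for e in events_for_host("myhost")])
```
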
To use the replay log controls
Note: The Step Forward and Step Backwards buttons are not enabled while the log is replaying.
Note: To close a text view of a log, click the Text View button again.
Management Console for Unix enables administrators to quickly and easily provide auditors with granular reports on Unix identity information, including the highly desirable assessment of which Active Directory user can authenticate on specific Unix systems. By consolidating the generation and viewing of reports within the console, Management Console for Unix reduces the time and effort required to create key reports that traditionally required multiple collections, data collation, and manual processes across multiple Unix systems.
The topics in this section explain how to export reports for the hosts managed through the management console. They also describe the reports available on the Reporting tab.
From the Reports view on the Reporting tab, you can run various reports that capture key information about the Unix hosts you manage from the management console and the Active Directory domains joined to these hosts.
Note: The Active Directory reports are only available when you are logged on as an Active Directory account in the Manage Hosts role.
To run reports
Reports only generate data gathered from the clients during a Profile procedure. Profiling imports information about the host, including local users and groups.
Note: You can configure the management console to profile hosts automatically. See Automatically profiling hosts for details.
Unix host information gathered during the profiling process
Local and Active Directory user information
Local and Active Directory group information
User access information
Product licensing information
The selected report name opens a new tab on the Reports view which describes the report and provides some report parameters you can select or clear to add or exclude details on the report.
Note: If the CSV report does not open, you may need to reset your internet options. See CSV or PDF reports do not open for details.
By default, the management console creates reports in the application data directory:
%SystemDrive%:\ProgramData\Quest Software\Management Console for Unix\reports
/var/opt/quest/mcu/reports
Note: You may need to reconfigure your browser preferences to allow you to save the report in a specific folder.
It launches a new browser or application page and displays the report in the selected format.
Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. See JVM memory tuning suggestions for details.
© 2019 One Identity LLC. ALL RIGHTS RESERVED.