Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

Global Event Log Variables

Privilege Manager Variables > Global Event Log Variables

The following predefined global variables appear only in the audit (event) log. They are not available for use in the policy file, as they are set by pmlocald during the runcommand session. Use pmlog to view them.

Table 33: Global event log variables
Variable Data Type Description
alertdate string Date on which the alert was raised.
alerttime string Time at which the alert was raised.
event string Type of event.
exitdate string Date on which the finish event was logged.
exitstatus string Exit status of the request
exittime string Exit time of the request.

alertdate

Description

Type string READONLY

alertdate contains the date when a configured alert was matched by pmlocald. It is not available for use in the policy file, it is set in the event log. To view the event log, use the pmlog -l command.

Example
#display all alerts raised with action set to log 
pmlog –l -c 'alertkeyaction == "log"'

alerttime

Description

Type string READONLY

alerttime contains the time when a configured alert was matched by pmlocald. It is not available for use in the policy file, it is set in the event log. To view the event log, use the pmlog command.

Example
#display all alerts raised after 6pm 
pmlog –l –c 'alerttime > "18:00:00"'

event

Description

Type string READONLY

event identifies the type of event logged by the policy server process. An event is logged when the policy server accepts or rejects a command. An event is also logged by the agent when a runcommand completes execution and an alert is raised.

Possible values are "Accept", "Reject", "Finish", "AlertRaised".

This value is saved in the event log and can be viewed using pmlog.

Example
#Display all accepted events from the audit log 
pmlog –c 'event == "Accept"'
Related Topics

eventlog

eventloghost

Related Documents