Does a list of syslog alerts exist for all events logged by the TPAM appliance? What is the format of the syslog output from TPAM?
UserName or AdminName is the TPAM login username of the user performing the operation. "Internal Account" and "Automation Engine" are service accounts on the appliance and not connected to nor controlled by any user.
Operation will indicate Update, Add, Grant, Retrieve, Revoke, etc.
ObjectType will indicate what kind of thing is being affected, ManagedAccount, System, Account Password, etc.
Neither Operation nor ObjectType are "fixed" values, meaning we don't have a table of values that are used to populate the log. As code is added or edited, operations or object types are added as necessary. Very rarely we might change how an entry gets logged, but as a general rule we try to avoid that. We do not maintain a canonical list of possible values for either operation. While not a complete listing, some common values are:
Target will be the name of the entity being logged - user name, account name, and so forth.
Role (only from the TPAM report) will be the role of the user doing the operation. These mostly fall along the lines of job responsibilities: Admin, ISA, Requestor, Approver, etc. If a role can not be determined or does not apply, e.g., Authentication or Automation Engine entries, it will be "N/A" or "None". Note that the same user can have different roles based on what that user is doing. User1 may have ISA permissions over some systems and accounts, but only Requestor permission on others.
Failed? (only from the TPAM report) will be 1 (failed) or 0 (success). Something marked as failed is often (but not always) due to "permission
denied" situations.
OtherInfo contains the details of the operation. For entities where we track edits it will typically show the column name and the new data, but occasionally it may just show "ColumnNameX edited".
The entire string will be truncated at 500 bytes, which means that occasionally we might clip off some of the "OtherInfo". In reality this doesn't happen that often. The types of things that get truncated are typically overly long item descriptions or system-level messages.
NOTE: Otherinfo is not sent in 2.5.914 and below.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center