Previous Topic: Logout EventNext Topic: Login Account Disabled Event

Reference GuideAudit Log RecordsAudit Event TypesLogin Account Enabled Event

Login Account Enabled Event

Valid on UNIX

Login account enabled events describe events where serevu enables a user log in.

Audit records in this event have the following format:

Date Time Status Event UserName Details Reason Terminal Program AuditFlags
Date

Identifies the date the event occurred.

Format: DD MMM YYYY

Note: CA ControlMinder Endpoint Management formats the date display according to your computer's settings.

Time

Identifies the time the event occurred.

Format: HH:MM:SS

Note: CA ControlMinder Endpoint Management formats the time display according to your computer's settings.

Status

Indicates serevu enabled user login.

Value: E (Login enabled)

Event Type

Identifies the type of event this record belongs to.

Note: CA ControlMinder Endpoint Management refers to this field simply as Event.

User Name

Identifies the name of the accessor that performed the action that triggered this event.

Details

Indicates at which stage CA ControlMinder decided what action to take for this event.

Note: The audit record you see in a non-detailed seaudit output displays a number in this field. This number is known as the authorization stage code. In a detailed output or in CA ControlMinder Endpoint Management, the audit record displays the message associated with the authorization stage code. For a complete list of stage codes, run seaudit -t.

Reason

Indicates the reason that CA ControlMinder wrote an audit record.

Note: This field does not display in a detailed seaudit output or in CA ControlMinder Endpoint Management. The audit record you see in a non-detailed seaudit output displays a number in this field. This number is known as the reason code. For a complete list of reason codes, run seaudit -t.

Terminal

Identifies the name of the terminal that the accessor used to connect to the host.

Program

Identifies the name of the program that triggered the event.

Audit Flags

Indicates whether the accessor is internal (CA ControlMinder database user) or an enterprise user.

Note: If the accessor is an enterprise user, the audit record you see in a non-detailed seaudit output displays the string "(OS user)" in this field. Otherwise, this field remains empty.

Example: Login Account Enabled Event Message

The following audit record was taken from a detailed seaudit output.

13 Jan 2009 17:05:00 E LOGINENABLE  test1           0  5 computer.com      serevu
Event type: Login account enabled
Status: Login enabled
User name: test1
Details: Stage code 0
Terminal: computer.com
Date: 13 Jan 2009
Time: 17:05
Program: serevu
Audit flags: AC database userLogin account disable -

This audit record indicates that on January 13th 2009, the serevu daemon enabled user test1 to log in from the terminal computer.com. CA ControlMinder logged this event because the serevu daemon requested the audit (reason code 5—CA ControlMinder serevu utility requested auditing).

More information:

Authorization Stage Codes for Log In and Log Out Events

Reason Codes That Specify Why a Record Was Created