Administration Guide › Queries and Reports › Prompts › Use the User Prompt

Use the User Prompt

Each event expresses information about two actors: the Source and the Destination.

• The Source actor initiates the action that causes the event.

  The source actor can be a user, source_username, or a process, source_processname.

• The Destination or "dest" actor is the target of the action.

  The destination actor can be a user, dest_username, or an object, dest_objectname.

The User prompt queries for events where the actor you specify appears in the selected CEG fields of the refined event. Consider this scenario:

1. The source actor, source_username or source_processname attempts an action on the target actor, destination_username or a destination_objectname.
2. This event is recorded in a repository on the event source.
3. A CA Enterprise Log Manager agent makes a copy of the event recorded on the event source and transmits it to a CA Enterprise Log Manager server.

To use the User prompt

1. Select Queries and Reports.

   The Query List displays the Prompts folder and one or more folders for other queries.

2. Expand Prompts and select User.

   The User prompt appears.

3. Enter the name of the user on which to base this query.
4. Select the fields on which to query for data matching your user name entry.

   source_username

   Is the name of the user that initiated the event action.

   dest_username

   Is the name of user that is the target of the action.

   source_objectname

   Is the name of the object involved in the action referenced in event information.

   dest_objectname

   Is the name of the object that is the target of the action.

5. Click Go.

   Results of the User prompt query appear.

6. Use the following descriptions to interpret the query results:

   CA Severity

   Indicates the severity of the event, where the values in increasing order of severity include: Information, Warning, Minor Impact, Major Impact, Critical, and Fatal.

   Date

   Indicates when the event occurred.

   Destination Host

   Identifies the name of the host with the user who was the target of the event action.

   Result

   Specifies a code for the event result of the corresponding action, where S means Success, F means Failure, A means Accepted, D means Dropped, R means Rejected, and U means Unknown.

   Source User

   Identifies the user who initiated the event action.

   Source Object

   Identifies the object on the source host that was involved in the event action.

   Destination User

   Identifies the user who was the target of the event action.

   Destination Object

   Identifies the object on the destination host that was involved in the event action.

   Category

   Identifies the high-level category of the corresponding event action. For example, System Access is the category for the Authentication action.

   Action

   Identifies the event action.

   Log Name

   Identifies the log name used by the connector that collected the event.