Audit Activity Using BeyondInsight for Unix & Linux

From the main Audit menu, you can access:

  • Privilege Management for Unix and Linux events.
  • Privilege Management for Unix and Linux recorded sessions.
  • Privilege Management for Unix and Linux query page.

As of Privilege Management for Unix and Linux 10.3, event log information is retrieved from databases. Previous versions of Privilege Management for Unix and Linux support log files.

A minimum version of Privilege Management for Unix and Linux 10.0 is required to view log contents. In earlier versions, the log must be downloaded to be viewed.

View PMUL Events

  1. Select the Audit menu, and then click the Privilege Management for Unix and Linux Events tile.
  2. Find the host name in the list, and click the arrow. Use the Hostname, IP Address, and Tags filters to refine the list of results displayed.
  3. On the Server Details page, click the tile for the detail you want to view.
    • Sessions: View and play the I/O log sessions. You can also view sessions from the Audit > Privilege Management for Unix and Linux Session Replay tile.
    • Event Log: Provides a detailed list of events that occurred on the server. Use the filters available to sort through events. Select an event to view more information on the Event Details pane.
    • Entitlement Reports

Search Events

You can search for Privilege Management for Unix and Linux events.

  1. Select the Audit menu, and then click the SIEM Search tile.
  2. Enter a search query.

View Console Audit Activities

You can view user session information, such as user name, session ID, session time, user roles, and IP address.

  1. Select the Console Audit menu.
  2. On the Console Audit page, use the filters to refine the list of user sessions displayed.
  3. Select the arrow for the session.
  4. On the Session Details page, view more information, such as user name, user roles, HTTP method, and URL.