Login Account Disabled Event
Valid on UNIX
Login account disabled events describe events where serevu disables a user login.
Audit records in this event have the following format:
Date Time Status Event UserName Details Reason Terminal Program AuditFlags
- Date
  Identifies the date the event occurred.
  Format: DD MMM YYYY
  PAM Server Control Endpoint Management formats the date display according to your computer's settings.
- Time
  Identifies the time the event occurred.
  Format: HH:MM:SS
  PAM Server Control Endpoint Management formats the time display according to your computer's settings.
- Status
  Indicates serevu disabled user login.
  Value: I (Login disabled)
- Event
  Identifies the type of event this record belongs to.
  PAM Server Control Endpoint Management refers to this field simply as Event.
- UserName
  Identifies the name of the accessor that performed the action that triggered this event.
- Details
  Indicates at which stage PAM Server Control decided what action to take for this event.
  The audit record you see in a non-detailed seaudit output displays a number in this field. This number is known as the authorization stage code. In a detailed output or in PAM Server Control Endpoint Management, the audit record displays the message associated with the authorization stage code. For a complete list of stage codes, run seaudit -t.
- Reason
  Indicates the reason that PAM Server Control wrote an audit record.
  This field does not display in a detailed seaudit output or in PAM Server Control Endpoint Management. The audit record you see in a non-detailed seaudit output displays a number in this field. This number is known as the reason code. For a complete list of reason codes, run seaudit -t.
- Terminal
  Identifies the name of the terminal that the accessor used to connect to the host.
- Program
  Identifies the name of the program that triggered the event.
- AuditFlags
  Indicates whether the accessor is internal (PAM Server Control database user) or an enterprise user.
  If the accessor is an enterprise user, the audit record you see in a non-detailed seaudit output displays the string "(OS user)" in this field. Otherwise, this field remains empty.
Example: Login Account Disabled Event Message
The following audit record was taken from a detailed seaudit output.
13 Jan 2009 16:53:26 I LOGINDISABLE test1 0 5 computer.com serevu
Event type: Login account disable
Status: Login disabled
User name: test1
Terminal: computer.com
Date: 13 Jan 2009
Time: 16:53
Program: serevu
Details: Stage code 0
User Logon Session ID: 496b629c:00000003
Audit flags: AC database user
This audit record indicates that on January 13th 2009, the serevu daemon prevented user test1 from logging in from the terminal computer.com.
PAM Server Control logged this event because the serevu daemon requested the audit (reason code 5: CA PAM Server Control serevu utility requested auditing).
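The record layout above can be parsed mechanically when reviewing account lockouts. The following Python sketch is an added example, not part of the product documentation: it assumes the non-detailed seaudit line is single-space separated exactly as in the sample record, and the function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Field order from the page: Date Time Status Event UserName Details Reason
# Terminal Program AuditFlags. AuditFlags is empty unless it is "(OS user)".
RECORD = re.compile(
    r"^(?P<date>\d{1,2} \w{3} \d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<status>\S+) (?P<event>\S+) (?P<user>\S+) "
    r"(?P<stage>\d+) (?P<reason>\d+) (?P<terminal>\S+) (?P<program>\S+)"
    r"(?: (?P<flags>\(OS user\)))?\s*$"
)

def parse_login_disable(line):
    """Return a dict for a LOGINDISABLE record, or None for anything else."""
    m = RECORD.match(line.strip())
    if not m or m["event"] != "LOGINDISABLE" or m["status"] != "I":
        return None
    stamp = f"{m['date']} {m['time']}"
    return {
        "when": datetime.strptime(stamp, "%d %b %Y %H:%M:%S"),
        "user": m["user"],
        "stage_code": int(m["stage"]),    # Details column
        "reason_code": int(m["reason"]),  # Reason column
        "terminal": m["terminal"],
        "program": m["program"],
        "enterprise_user": m["flags"] is not None,
    }

def disabled_by_terminal(lines):
    """Count disabled logins per source terminal, skipping unrelated lines."""
    hits = filter(None, map(parse_login_disable, lines))
    return Counter(r["terminal"] for r in hits)

SAMPLE = [
    # First line is the record shown on the page; the rest are constructed.
    "13 Jan 2009 16:53:26 I LOGINDISABLE test1 0 5 computer.com serevu",
    "13 Jan 2009 16:54:02 I LOGINDISABLE test2 0 5 computer.com serevu (OS user)",
    "13 Jan 2009 16:55:10 I LOGINDISABLE test3 0 5 host2.example serevu",
    # Placeholder for some other event type, not real seaudit output.
    "13 Jan 2009 16:56:00 X OTHEREVENT test1 0 5 computer.com prog",
    "truncated line",
]

if __name__ == "__main__":
    for terminal, count in disabled_by_terminal(SAMPLE).most_common():
        print(terminal, count)
```

Several accounts disabled from the same terminal within a short window is the pattern worth following up in the detailed output.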