To enable the schedule for the daily collection task, take the following steps:
To start collecting events from Privilege Manager for SUDO master hosts, right-click PM for SUDO Syslog - daily collection in the left pane and then click Run.
This task collects all events from Privilege Manager for SUDO and stores them in the default repository. To view the current state of the task, use the Workflow | Sessions node in the left pane.
When the daily collection task has finished, you can open InTrust Repository Viewer and start processing the event data according to your needs. For a possible use case, see the Usage Scenario section.
To import all Privilege Manager for SUDO events from the default repository into the default database and then build reports, run the weekly reporting task as follows:
To view the current state of the task, use the Workflow | Sessions node in the left pane.
When the weekly reporting task has finished, you can view the reports in the location selected on the Delivery tab of the reporting job.
This topic describes a typical situation in a production environment and shows how InTrust with the Privilege Manager for SUDO Knowledge Pack helps handle it.
Suppose you need to find out whether an unauthorized person tried to change passwords by running the passwd command on particular hosts managed by Privilege Manager for SUDO.
To do that, in Repository Viewer open the repository to which InTrust collects logs from Privilege Manager for SUDO, and then take the following steps:
Now you can review the resulting list of events to find suspicious passwd invocations. Look at both the invocations that were allowed and the requests that were rejected: a rejected passwd request from an account that has no business changing passwords on that host is the clearest sign of an unauthorized attempt, while an allowed invocation by an unexpected account may indicate an over-broad policy.
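The same search expressed as code, as an added example that is not part of the InTrust product or this documentation: it parses sudo-style syslog lines, keeps only passwd invocations on a chosen set of hosts, and flags the suspicious ones (rejected by sudo, or run by an account outside an allow-list). It assumes the standard sudo syslog line layout; the exact event fields that the Knowledge Pack extracts from Privilege Manager for SUDO are not shown on this page, and the hostnames, user names and log lines below are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample events in the standard sudo syslog format (assumption:
# the real PM for SUDO event layout is not shown on the page). Two lines are
# rejected requests ("command not allowed", "user NOT in sudoers").
SAMPLE_LOG = """\
Mar  3 09:12:01 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/passwd bob
Mar  3 09:13:44 db01 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/passwd root
Mar  3 09:15:10 web02 sudo:    carol : TTY=pts/2 ; PWD=/srv/www ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 09:16:05 db01 sudo:     dave : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/bin/passwd
Mar  3 09:18:22 app03 sudo:    erin : TTY=pts/0 ; PWD=/home/erin ; USER=root ; COMMAND=/usr/bin/passwd -l mallory
"""

# An optional "reason ;" segment between the user and TTY= marks a rejected request.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s+(?P<host>\S+)\s+sudo:\s+(?P<user>\S+)\s+:\s+"
    r"(?:(?P<reason>[^;]+?)\s+;\s+)?"
    r"TTY=(?P<tty>\S+)\s+;\s+PWD=(?P<pwd>\S+)\s+;\s+USER=(?P<runas>\S+)\s+;\s+COMMAND=(?P<cmd>.*)$"
)


@dataclass
class SudoEvent:
    timestamp: str
    host: str
    user: str
    runas: str
    command: str
    denied_reason: Optional[str]  # None when sudo allowed the command


def parse_sudo_lines(text: str) -> List[SudoEvent]:
    """Parse sudo command events; lines that are not command events are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append(SudoEvent(m["ts"], m["host"], m["user"], m["runas"],
                                m["cmd"].strip(), m["reason"]))
    return events


def is_passwd_command(command: str) -> bool:
    """Match on the program's basename so /usr/bin/passwd and /bin/passwd both
    count, while names that merely start with 'passwd' do not."""
    argv0 = command.split()[0]
    return argv0.rsplit("/", 1)[-1] == "passwd"


def find_passwd_attempts(events: List[SudoEvent], hosts: Set[str],
                         authorized_users: Set[str] = frozenset()
                         ) -> List[Tuple[SudoEvent, bool]]:
    """Return (event, suspicious) pairs for passwd invocations on the given hosts.
    An invocation is suspicious if sudo rejected it or the invoking account is
    not in authorized_users (a hypothetical allow-list for the example)."""
    findings = []
    for ev in events:
        if ev.host not in hosts or not is_passwd_command(ev.command):
            continue
        suspicious = ev.denied_reason is not None or ev.user not in authorized_users
        findings.append((ev, suspicious))
    return findings


if __name__ == "__main__":
    parsed = parse_sudo_lines(SAMPLE_LOG)
    for ev, suspicious in find_passwd_attempts(parsed, {"db01", "app03"}, {"alice"}):
        status = ev.denied_reason or "allowed"
        flag = "SUSPICIOUS" if suspicious else "ok"
        print(f"{ev.timestamp} {ev.host} {ev.user} -> {ev.runas}: {ev.command} [{status}] {flag}")
```

Filtering on the program's basename rather than on a substring of the command line matters: a substring match on "passwd" would also pull in unrelated commands that merely mention the file (such as editing /etc/passwd), while a match on the full path alone would miss a second copy of the binary.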