IBM Audit & Monitoring Service – Windows
IBM Audit & Monitoring Service collects login success audit data from Windows computers. The IBM Audit & Monitoring Service audit event focuses on login success.
IBM Audit & Monitoring Service – Windows Audit Event Log Sample
The following is a sample of an audit event log for IBM Audit Event ID 9001. This log sample documents a successful login. The change was made by user=administrator@acme.test on January 06 at 15:53:10.
Jan 06 15:53:10 s2k8r2p1v1.acme.test wdad[1128]:
INFO AUDIT_TRAIL|Centrify Suite|DirectAudit -
Windows|1.0|1|login success|5|user=administrator
@acme.test userSid=S-1-5-21-1986235188-3370598863-
2160698129-500 sessionId=1 CentrifyEventID=9001
DAInst=AuditingInstallation DASessID=c72252aa-
e616-44ff-a5f6-d3f53f09bb67
IBM Audit & Monitoring Service - Windows Audit Events
Audit and Monitoring Service - Windows Audit Events
| Event Id | Description | Parameters |
|---|---|---|
| 9001 | login success | |
| 9002 | logoff success | |
| 9003 | Enable IBM Auditing and Monitoring Service succeeded added in release 2017.3 | InstallationName: Installation Name |
| 9004 | Disable IBM Auditing and Monitoring Service succeeded added in release 2017.3 | InstallationName: Installation Name |
| 9005 | Enable IBM Auditing and Monitoring Service failed added in release 2017.3 | InstallationName: Installation Name Reason: Reason for failure |
| 9006 | Disable IBM Auditing and Monitoring Service failed added in release 2017.3 | InstallationName: Installation Name Reason: Reason for failure |
| 9007 | Session auditing started added in Release 2020 | |
| 9008 | Session auditing started added in Release 2020 |