Centrify Commands (UNIX Commands)
Audit events in the Centrify Commands category are focused on capturing command line activity. Audit events are recorded when users or administrators run command line programs to enable or disable auditing, join or leave a domain, query Active Directory for user or group information, change their password configuration settings or license mode, or perform other operations.
Centrify Command Audit Event Log Sample
The following is a sample of an audit event log for Centrify Audit Event ID 18000. This log sample documents auditing being enabled. The change was made by user=root on April 5 at 11:37:28.
Apr 5 11:37:28 engcen6 adclient[1749]: INFO AUDIT_TRAIL|Centrify Suite|Centrify Commands|1.0|0|Auditing enabled|5|user=root pid=14874 utc=1459836448489 CentrifyEventID=18000 DAInst=AuditingInstallation DASessID=c72252aa-e616-44ff-a5f6-d3f53f09bb67 status=GRANTED service=NSS
Centrify Commands Audit Events
Event Id | Description | Parameters |
---|---|---|
18000 | Auditing enabled | service: service |
18001 | Auditing not enabled | service: service; reason: error message |
18100 | Auditing disabled | service: service |
18101 | Auditing not disabled | service: service; reason: error message |
18200 | The user login to the system successfully | service: service; tty: tty |
18300 | Desktop auditing enabled (added in Release 2020) | |
18301 | Desktop auditing not enabled (added in Release 2020) | reason: error message |
18400 | Desktop auditing disabled (added in Release 2020) | |
18401 | Desktop auditing not disabled (added in Release 2020) | reason: error message |
18500 | Session auditing started (added in Release 2020) | |
18501 | Session auditing ended (added in Release 2020) | |
20100 | Joined domain | parameters: parameters; zone: zone name; domain: domain; computer: computer name; runas: username@domain |
20101 | Join failed | parameters: parameters; zone: zone name; domain: domain; computer: computer name; runas: username@domain; reason: error message |
20200 | Left domain | parameters: parameters |
20201 | Leaving domain failed | parameters: parameters; reason: error message |
20300 | Query as root was successful | parameters: parameters |
20301 | Query was successful | parameters: parameters |
20302 | Query request failed | parameters: parameters; reason: error message |
20400 | Password changed | parameters: parameters; unixUser: user name |
20401 | Password change failed | parameters: parameters; unixUser: user name; reason: error message |
20500 | Configuration settings (Centrify.conf) reloaded | parameters: parameters |
20501 | Configuration settings (Centrify.conf) failed to reload | parameters: parameters; reason: error message |
20600 | Local cache flushed | parameters: parameters |
20601 | Cache flush failed | parameters: parameters; reason: error message |
20650 | Object refreshed | parameters: parameters |
20651 | Object refresh failed | parameters: parameters; reason: error message |
20800 | License modes changed | parameters: parameters |
20801 | License modes change failed | parameters: parameters; reason: error message |
20900 | Advanced monitoring enabled | service: service |
20901 | Advanced monitoring not enabled | service: service; reason: error message |
20910 | Advanced monitoring disabled | service: service |
20911 | Advanced monitoring not disabled | service: service; reason: error message |
21100 | Changing web proxy configuration succeeded (added in Release 18.8) | parameters: parameters |
21101 | Changing web proxy configuration failed (added in Release 18.8) | parameters: parameters; reason: error message |
21200 | Editing Kerberos keytab file succeeded | parameters: parameters |
21201 | Editing Kerberos keytab file failed | parameters: parameters; reason: error message |
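
The following is an added example, not Centrify's code: a Python parser for the AUDIT_TRAIL line format shown in the log sample, used to flag event IDs from the table that record auditing or monitoring being turned off, the computer leaving the domain, or a keytab being edited. The dictionary key names, the choice of watchlist, the reading of `utc` as epoch milliseconds, and every sample line except the first are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# IDs and descriptions come from the table; choosing these five is this example's decision.
WATCHLIST = {18100: "Auditing disabled", 18400: "Desktop auditing disabled",
             20200: "Left domain", 20910: "Advanced monitoring disabled",
             21200: "Editing Kerberos keytab file succeeded"}

# A value runs until the next " key=" or end of line, so it may contain spaces.
KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

def parse_audit_line(line):
    """Parse one AUDIT_TRAIL syslog line into a dict; return None for anything else."""
    _, marker, rest = line.partition("AUDIT_TRAIL|")
    parts = rest.split("|", 6)  # six header fields, then the key=value tail
    if not marker or len(parts) != 7:
        return None
    event = {"product": parts[0], "category": parts[1], "name": parts[4]}
    event.update(KV.findall(parts[6]))
    try:
        event["event_id"] = int(event["CentrifyEventID"])
        # Assumption: utc is epoch milliseconds (13 digits in the sample).
        event["time_utc"] = datetime.fromtimestamp(int(event["utc"]) // 1000, tz=timezone.utc)
    except (KeyError, ValueError):
        return None
    return event

def watchlist_hits(lines):
    """Return parsed events whose CentrifyEventID is on the watchlist."""
    events = (parse_audit_line(line) for line in lines)
    return [e for e in events if e and e["event_id"] in WATCHLIST]

HEADER = "Apr 5 11:37:28 engcen6 adclient[1749]: INFO AUDIT_TRAIL|Centrify Suite|Centrify Commands|1.0|0|"
SAMPLE_LINES = [
    # The page's own sample (event 18000).
    HEADER + "Auditing enabled|5|user=root pid=14874 utc=1459836448489 CentrifyEventID=18000 "
    "DAInst=AuditingInstallation DASessID=c72252aa-e616-44ff-a5f6-d3f53f09bb67 status=GRANTED service=NSS",
    # Constructed lines, not real output; they reuse the sample's header values.
    HEADER + "Auditing disabled|5|user=root pid=15002 utc=1459837330000 CentrifyEventID=18100 "
    "status=GRANTED service=NSS",
    HEADER + "Auditing not disabled|5|user=alice pid=15040 utc=1459837391000 CentrifyEventID=18101 "
    "service=NSS reason=permission denied for user",
    "Apr 5 11:40:02 engcen6 sshd[2201]: Accepted publickey for alice",
]

if __name__ == "__main__":
    for e in watchlist_hits(SAMPLE_LINES):
        print(e["time_utc"].isoformat(), e["event_id"], WATCHLIST[e["event_id"]], "user=" + e["user"])
```

A value that itself contains `word=` text is split at that point by this parser, so free-text fields such as `reason` should be treated as best-effort.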