on Jun 14, 2016Article Content
| Article Number | 000012911 |
| Applies To | RSA Authentication Manager 6.x Custom SQL |
| Issue | Some sites have auditing requirements to track user additions and deletions. The problem is the sdlog database usually only includes first and last names, which may not be unique at the site, and omits the indexed default login name. |
| Cause | There is a way to include default login name for user addition and deletion actions: set this env on the Authentication Manager or Remote Admin machine that will be running the Custom SQL Query: ENHANCED_LOGGING=YES With this env set, the sql query "select * from sdlogentry" will return many more records for a user deletion event (see below) and will include the previously missing default login name. |
| Resolution | Sample expected output using Enhanced Logging after a user is deleted: "3757488","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","David Carlstrom","carlstrd","","","","","ace6prim.corp.espn.pvt","Test Dave","0","0","0" "3757487","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","","Profile","?davetest","0","0","0" "3757486","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","Sun:AAAAAAAAAAAAAAAAAAAAAAAA","Access Time","?davetest","0","0","0" "3757485","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","Sat:AAAAAAAAAAAAAAAAAAAAAAAA","Access Time","?davetest","0","0","0" "3757484","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","Fri:AAAAAAAAAAAAAAAAAAAAAAAA","Access Time","?davetest","0","0","0" "3757483","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","Thu:AAAAAAAAAAAAAAAAAAAAAAAA","Access Time","?davetest","0","0","0" "3757482","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","Wed:AAAAAAAAAAAAAAAAAAAAAAAA","Access Time","?davetest","0","0","0" "3757481","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","Tue:AAAAAAAAAAAAAAAAAAAAAAAA","Access Time","?davetest","0","0","0" "3757480","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","Mon:AAAAAAAAAAAAAAAAAAAAAAAA","Access Time","?davetest","0","0","0" "3757479","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","no","Temporary User","?davetest","0","0","0" "3757478","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","","Default Shell","?davetest","0","0","0" "3757477","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","yes","Must Create Pin","?davetest","0","0","0" "3757476","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","yes","May Create Pin","?davetest","0","0","0" "3757475","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","davetest","Default Login","?davetest","0","0","0" "3757474","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","Test","First Name","?davetest","0","0","0" "3757473","09/18/2008","14:07:27","09/18/2008","10:07:27","4017","davetest","carlstrd","","","","Dave","Last Name","?davetest","0","0","0" "3757471","09/18/2008","14:07:13","09/18/2008","10:07:13","4014","David Carlstrom","carlstrd","","","","","ace6prim.corp.espn.pvt","Test Dave","0","0","0" "3757470","09/18/2008","14:07:13","09/18/2008","10:07:13","4002","davetest","carlstrd","","","","/bin/sh","Default Shell","?davetest","0","0","0" "3757469","09/18/2008","14:07:13","09/18/2008","10:07:13","4002","davetest","carlstrd","","","","no","Must Create Pin","?davetest","0","0","0" "3757468","09/18/2008","14:07:13","09/18/2008","10:07:13","4002"," |
| Legacy Article ID | a42438 |