AnsweredAssumed Answered

RSA SecurID Auth Mgr 8.1 Logging of Failed Logins for unknowns

Question asked by David Wilson on Oct 7, 2016
Latest reply on Oct 12, 2016 by David Wilson

Logging for RSA SecurID Authentication Manager 8.1 is enabled and being forwarded to a centralized logging/SIEM tool.  The runtime audit logging level has been set to all values from error to success.  What setting supports that capture and reporting for failed events from unknown users.  It appears that logs are only produced for known accounts.  If someone tries to login with an unknown account, or a generic 'root' or 'administrator' account, there is no record in the log for that event.  How can this be enabled?

Please advise.