Configuring Centrify Infrastructure Services on a UNIX or Linux Device to Communicate with JSA
You can configure your UNIX or Linux device to send audit events to JSA. The audit events are available locally in the syslog event logs where the Centrify Infrastructure Services is installed and configured.
Centrify Infrastructure Services Sample event message
Use this sample event message as a way of verifying a successful integration with JSA.
The following table shows sample event messages from Centrify Infrastructure Services:
Event name |
Low level category |
Sample log message |
---|---|---|
Remote login success |
Remote Access Login Succeeded |
<13>May 09 20:58:48 127.1.1.1 AgentDevice=WindowsLog AgentLogFile=Application Plugin Version=7.2.6.39 Source=Centrify AuditTrail V2 Computer=Centrify WindowsAgent.Centrify.lab OriginatingComputer=127.1.1.1 User=user Domain =CENTRIFY EventID=1234 EventID Code=1234 EventType=4 Event Category=4 RecordNumber=1565 TimeGenerated=1494374321 TimeWritten=1494374321 Level=Informational Keywords= ClassicTask=None Opcode=Info Message=Product: Centrify Suite Category: Direct Authorize - Windows Event name: Remote login success Message: User successfully logged on remotely using role 'Windows Login/CentrifyTest'. May 09 16:58:41 centrifywindowsagent. centrify.lab dzagent[2008]: INFO AUDIT_TRAIL|Centrify Suite |DirectAuthorize - Windows| 1.0|3|Remote login success|5 |user=username userSid=domain \username sessionId=6 centrify EventID=6003 DAInst=N/A DASess ID=N/A role=Windows Login/ CentrifyTest desktopguid=7678b3 5e-00d0-4ddf-88f5-6626b8b1ec4b |
The user logged in to the system successfully |
User Login Success |
<38>May 4 23:45:19 hostname adclient[1472]: INFO AUDIT _TRAIL|Centrify Suite|Centrify Commands|1.0|200|The user login to the system successfully|5|user =user pid=1234 utc=1493952319951 centrifyEventID=18200 DASessID= c6b7551c-31ea-8743-b870- cdef47393d07 DAInst=Default Installation status=SUCCESS service =sshd tty=/dev/pts/2 |