IBM Cloud Pak for Security

Cloud Pak for Security

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Setup Authentication Logging

  • 1.  Setup Authentication Logging

    Posted Wed December 20, 2023 06:31 AM

    Hi.
    Is there a way to monitor authentication logs on Cloud Pak for Security?
    Officially i cannot find anything.
    I want to monitor logs like who logged into Cloud Pak , what url he searched, etc...
    If someone did something relative or custom i guess.

    Thanks in advance.



    ------------------------------
    George Petkakis
    ------------------------------


  • 2.  RE: Setup Authentication Logging

    Posted Fri January 05, 2024 03:12 PM

    Hello George,

    Under ibm-common-services namespace are the auth-idp and auth-pdp pods which are the authenticator services, those does not record user login activity

    Under  Cloud Pak for Security namespace is the isc-entitlement pod  log same:

     {"level":"info","label":"CP4SControllerBase","message":"entering getChangeLogSequence

    Those pods log users' activity, however, it is hard to determine if was a login activity, cause the same log sample comes up when you access some of the CP4S tabs, for example, case management and when you create a case.

    For now auditing user login is hard to track.

    Eddie Melendez.

    IBM Qradar Suite Support.



    ------------------------------
    Eddie Andres Melendez Monge
    ------------------------------

    Original Message