Hi Team,
I need to log all security events to keep our Datapower stable. I need to log security stuff like the user activity, unsuccessful login attempts, block the user after failed attempts, password change, changes in datapower by the user, memory leak issues or memory full events, also actions performed via CLI needed to be logged and triggered.
I created log target and added few events
0x00330002 (Memory full)
0x01b20008 (HSM password login failed)
0x02c30005 (Maximum number of failed logins.)
0x02c30008 (Lock out due to number of failed logins)
0x02c60004 (Password changed)
Under Event Subscriptions, configured event category "all"
Event priority as "Notice"
Under Event triggers, how to add the configuration to trigger the security events?
But not working as expected- not logging user activity or failed attempts. didn't find any logs related to the user who had multiple failed login attempts.
Tried various blogs on this but didn't find any. Could you please help on this or provide configuration steps If I missed any.
Thanks in advance!