dzsh audit event log sample
The following is a sample of an audit event log for Centrify Audit Event ID 33001. This log sample documents a user being denied dzsh command execution.The change was made by user=dwirth(type:ad,dwirth@CENTRIFY.VMS) on April 7 at 01:20:12.
Apr 28 10:26:41 sspl1-n2 adclient: INFO AUDIT_ TRAIL|Centrify Suite|dzsh|1.0|1|dzsh command execution denied|5|user=root pid=59860 utc=1461864401103 centrifyEventID=33001 DAInst=AuditingInstallation DASessID=c72252aa-e616-44ff-a5f6-d3f53f09bb67 status=DENIED service=dzsh command=/usr/share/
centrifydc/bin/dzinfo reason=sam checking returned false, user is not allowed to use this command or runas