Hi,
I keep encountering events in the BSM/C2 logs which shows that the audit-user who performed the event is the user (e.g. ongkk in the example below). However, the user is able to show me that he wasn't logged in at that time nor have the rights to perform the event (e.g. su in this example).
I suspect this is generated by a scheduled script which runs daily and it was the way the job was set up. How can I check/confirm that?
header,96,2,su,,simux65.ext.com,2011-06-24 23:36:00.598 +08:00,subject,ongkk,root,root,root,root,29685,1110674129,612 65558 10.88.xx.yy,text,success for user oracle,return,success,0