CA Automation Point was shut down by a remote user: who did it?

Document ID : KB000012482
Last Modified Date : 14/02/2018

CA Automation Point was shut down on a server. Several people were signed in via CA AP Remote Viewer (APView), and XCMSG.LOG shows CA Automation Point shutting down.

You are trying to determine who or what shut it down. How can you find out from the logs who or what shut it down?

CA Automation Point: Any release
Windows: Windows server

APView messages, especially the shutdown, are logged in the out.deb log file.

Example follows: 

1) Find the message containing "op:KEY(kill_xc)". For example:
16:48:58.183 S1 P4420 T5540 C=3 Task=27 RMW OUT: (rmw_menu,1000,I) vw_id:35, op:KEY(kill_xc) 

2) Take a note of the vw_id value, which is the Remote Viewer ID of whoever issued the command. In this example it is 35.

3) Find the message containing "Connect 35". This message also contains the username used by the Remote Viewer with ID = 35:
16:48:50.917 S1 P4420 T2564 C=0 Task=18 RMW OUT: (rmw_packet,600,I) Connect 35 

For these messages to appear in the out.deb file, "Information messages" must be ticked in Expert Interface/Infrastructure/Debugging.
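
The three steps above as a script (an added example, not CA tooling): it scans out.deb lines for op:KEY(kill_xc) and pairs each hit with the most recent earlier Connect line for the same vw_id, so the username can be read from that line. The function name is hypothetical, and only the last two sample lines are quoted from this article; the others are constructed.

```python
import re
import sys

# Step 1: the shutdown key press; step 3: the viewer's Connect message.
KILL_RE = re.compile(r"vw_id:(\d+),\s*op:KEY\(kill_xc\)")
CONNECT_RE = re.compile(r"\bConnect (\d+)\b")  # \b keeps "Connect 35" from matching 350

def find_shutdown_sources(lines):
    """Pair each kill_xc message with the latest earlier Connect line for its
    vw_id. 'connect' is None when that line is not in the log (for example,
    Information messages were off or the log does not go back far enough)."""
    last_connect = {}  # vw_id -> most recent Connect line seen so far
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = CONNECT_RE.search(line)
        if m:
            # Assumption: an ID may be reused by a later session; keep the newest.
            last_connect[m.group(1)] = line
            continue
        m = KILL_RE.search(line)
        if m:
            vw_id = m.group(1)
            findings.append({"vw_id": vw_id, "kill": line,
                             "connect": last_connect.get(vw_id)})
    return findings

SAMPLE = [
    # constructed lines (not from the article):
    "09:12:01.000 S1 P4420 T2564 C=0 Task=18 RMW OUT: (rmw_packet,600,I) Connect 35",
    "16:40:12.500 S1 P4420 T2564 C=0 Task=18 RMW OUT: (rmw_packet,600,I) Connect 350",
    # lines quoted in the article:
    "16:48:50.917 S1 P4420 T2564 C=0 Task=18 RMW OUT: (rmw_packet,600,I) Connect 35 ",
    "16:48:58.183 S1 P4420 T5540 C=3 Task=27 RMW OUT: (rmw_menu,1000,I) vw_id:35, op:KEY(kill_xc) ",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # optional argument: path to out.deb
        with open(sys.argv[1], errors="replace") as fh:
            results = find_shutdown_sources(fh)
    else:
        results = find_shutdown_sources(SAMPLE)
    for r in results:
        print("Shutdown issued by Remote Viewer ID", r["vw_id"])
        print("  kill:   ", r["kill"])
        print("  connect:", r["connect"] or "not found in this log")
```

The log timestamps carry no date, so the pairing relies on line order within the file.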

Additional Information:

To make auditing of APView session windows simpler, there is currently an Idea open in the CA Communities to get more audit messages in the logs.