In an environment where users login to WCC using an ID that is not the same as their O/S user, is there a way to determine the O/S user that initiated the login?
There is not anything logged that would show the O/S user that initiated the login. However, you would be able to determine the IP address of the browser machine where the login was initiated. When a user logs into WCC, you will see the following line in the /log/CA-wcc.log...
INFO | jvm 1 | 2018/12/13 12:17:41 | 594866 | @rest <XX.XXX.XXX.XXX nologin> INFO #AuthenticationResource # Logging user ejmcommander in. Creating session 3291B5410A8B05A8CB6125567350951AB588B8C2A7B02E5C4A601111854D2BD.host1.
The IP in this part of the line...rest <XX.XXX.XXX.XXX nologin>...is the IP of the browser machine (represented by X's in this example).