PIM all versions : audit.cfg not work

Document ID : KB000123990
Last Modified Date : 28/12/2018
Show Technical Document Details
Issue:
Customer added following filter for SSH login event in audit.cfg:
-----
LOGIN;user;*;hostname;SSH;*
-----
but the log still apears, not filtered.
 
Environment:
PIM 12.8 SP1
Cause:
The login terminal obtained from PAM is IP address instead of resolved hostname.
It happens when useDNS=no in /etc/ssh/sshd_config.
Resolution:
Set yes to useDNS or specify ip address in audit.cfg.