HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide
112
Account Name—Enter the account name of the device user. TAM supports fuzzy matching for
this field. For example, if you enter sam, all authorization logs with account names containing
sam are queried.
Result—Select an authorization result, Permit or Deny from the list.
Authorization Time From/To—Enter an authorization time range for a device user, in the format
of YYYY-MM-DD hh:mm. Or select an authorization time range. Click the Calendar icon on
the left. On the upper part of the window that appears, select the date, and on the lower part,
enter the time. The date and time determine the start time of the authorization time range. Click
the Calendar icon on the right. On the upper part of the window that appears, select the
date, and on the lower part, enter the time. The date and time determine the end time of the
authorization time range. If you only specify the start time, the authorization time range is from
the start time to 9999-01-01 00:00. If you only specify the end time, the authorization time
range is from 2000-01-01 00:00 to the end time. If you select both the start time and end time,
the authorization time range is from the start time to the end time.
Device User Group—Click the Select User Group icon. The Select Device User Group
window appears. Select a group and click OK. To clear your selection, click the Clear icon
.
User Status—Select a user state, Normal or Cancelled from the list. Normal indicates the user
is in normal state. Cancelled indicates the user is already cancelled.
CLI—Enter the command executed by the device user at CLI. TAM supports fuzzy matching for
this field. For example, if you enter dis, all authorization logs with command lines containing
dis are queried. This query criterion is used to query CLI authorization logs only.
Authorization Policy—Select an authorization policy or select CLI Access Not Supported from
the list.
Profile Attribute—Enter the attribute value of the shell profile that applies to the device user at
login. TAM supports fuzzy matching for this field. For example, if you enter timeout, all
authorization logs with shell profiles containing timeout are queried. This query criterion is
used to query Login authorization logs only.
Privilege Level—Enter the privilege level of the device user. TAM queries authorization logs of
device users of the specified level.
Device IP From/To—Enter an IP address range for the device. If you only enter the start IP
address, the range is from the start IP address to 255.255.255.255. If you only enter the end
IP address, the range is from 0.0.0.0 to the end IP address. If you enter both the start IP address
and end IP address, the range is from the start IP address to the end IP address. The end IP
address must be no smaller than the start IP address. You must enter a complete IPv4 address
in each field.
User IP From/To—Enter an IP address range for the device user. If you only enter the start IP
address, the range is from the start IP address to 255.255.255.255. If you only enter the end
IP address, the range is from 0.0.0.0 to the end IP address. If you enter both the start IP address
and end IP address, the range is from the start IP address to the end IP address. The end IP
address must be no smaller than the start IP address. You must enter a complete IPv4 address
in each field.
Session ID—Enter a session ID used by the device and TAM for packet exchanges. TAM only
supports exact matching for this field.
If a field is empty, this field does not serve as a query criterion.
5. Click Query.