A customer has a Privileged Manager for Unix setup, with a Policy Server that is receiving logs from dozens of Sudo clients. Safeguard for Sudo is set up such that each client attempts their sudo commands, reading from a policy server, and if allowed then their session will run and all keystrokes are logged on the policy server.
However the customer also has an SPS, and they are wanting all the iologs to end up in the SPS. We've set up a Connection policy on SPS for the iologs, and set the pm.settings file of the policy server to point at it with auditsrv* variables, but it doesn't seem to be getting all the logs. It is receiving logs from the policy server itself, but not from all the clients connecting through the policy server.
Is there any documentation on how to set up this connection between a policy server and SPS? I haven't been able to find anything, so I've just been working with them on setting up the connection as best I can.
