File modifications monitored are being reported incorrectly as being modified by root

  • 7018688
  • 07-Mar-2017
  • 07-Mar-2017

Environment

NetIQ Sentinel UNIX Agent 7.5

Situation

Sentinel UNIX Agent 7.5 does not forward the Effective UserName and Session ID fields to Sentinel for BSM events, or the Effective UserName field for Linux events. As a result, when a person switches to another user, the operations are still shown as performed by the logged-in user.

Resolution

To resolve this issue, install hotfix 7.5 HF1 on Sentinel from https://dl.netiq.com/patch/finder/

Cause

The Effective UserName of the Subject token and the Session ID are not being forwarded to the Sentinel server. Therefore, Sentinel is unable to populate the Effective UserName information.
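
To gauge which local events this issue affects, the following added example (not NetIQ code and not part of the original article) reads Linux audit records and lists those where the effective user differs from the login user, which are the events attributed to the wrong person when the Effective UserName is not forwarded. It assumes the monitored Linux events originate from auditd-style SYSCALL records; the sample records, the UID-to-name mapping and all function names are constructed for illustration.

```python
import re

# Constructed sample records in Linux auditd SYSCALL format (assumption: the
# agent's Linux events come from records like these; not taken from the article).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1488880000.101:501): syscall=2 success=yes auid=1000 uid=1000 euid=1000 ses=12 comm="vi" key="file-mon"
type=SYSCALL msg=audit(1488880042.330:517): syscall=2 success=yes auid=1000 uid=0 euid=0 ses=12 comm="vi" key="file-mon"
type=SYSCALL msg=audit(1488880100.007:530): syscall=2 success=yes auid=1001 uid=1002 euid=1002 ses=13 comm="touch" key="file-mon"
"""

# Constructed UID-to-name mapping so the example runs offline.
UID_NAMES = {0: "root", 1000: "alice", 1001: "bob", 1002: "svcapp"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit record into a dict of key -> value (quotes removed)."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def attribute(line, names=UID_NAMES):
    """Return who logged in (auid), who the process ran as (euid), and the session."""
    rec = parse_record(line)
    login, effective = int(rec["auid"]), int(rec["euid"])
    return {
        "session": rec["ses"],
        "command": rec["comm"],
        "login_user": names.get(login, str(login)),
        "effective_user": names.get(effective, str(effective)),
        # True when dropping the effective user changes who the event points to.
        "misattributed_without_euid": login != effective,
    }


def affected_events(log_text):
    """List the events whose actor is wrong if only the login user is forwarded."""
    events = [attribute(line) for line in log_text.splitlines()
              if line.startswith("type=SYSCALL")]
    return [e for e in events if e["misattributed_without_euid"]]


if __name__ == "__main__":
    for event in affected_events(SAMPLE_LOG):
        print("session {session}: {command} ran as {effective_user}, "
              "login user {login_user}".format(**event))
```
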