Environment
NetIQ Sentinel UNIX Agent 7.5
Situation
Sentinel UNIX agent 7.5 is not forwarding the Effective UserName and session ID field to Sentinel for BSM events and Effective UserName fields for Linux events. Thus when the person switches to another user, still the operations are being shown as done by the logged in user.
Resolution
To resolve this issue on sentinel install hotfix 7.5 HF1 from https://dl.netiq.com/patch/finder/ location
Cause
Effective UserName of Subject token and Session ID is not being forwarded to sentinel server. Therefore Sentinel is unable to populate the Effective UserName information.