I have problems related to the auditor. I have managed to connect the Linux agents, but the problem is that the activities done on the agent that are accepted or rejected by the server are not showing in the Compliance Auditor. The activity log of the Linux host can be viewed in the hosts view log, but the activity is not shown in the auditor. I can view the Windows agents' commands in the auditor. Any help regarding the Linux agent auditor would be appreciated.
Sounds like you can see the audit data in 'Reporting'. There are 2 components to PUM: Reporting (all audit data) and Compliance Auditor (a subset of Reporting that is pulled into the Compliance Auditor based on custom rules).
As an example, say I have 100 events in a day. In Reporting, it should show all 100 events, whether those events were authorized or not authorized, or session captured or not session captured.
However, for Compliance Auditor, you have to create rules to pull in events from Reporting. To do this, go to Home | Compliance Auditor | from the left Nav, Audit Rules.
You can create rules that pull in events based on your criteria, such as pull in 5 events, Daily, then the Run Host equals a certain host. You can create multiple rules based on your criteria (aka Filter).
Remember: Compliance Auditor was meant to pull in events for a spot check by a manager/auditor. Reporting was meant to show all audit data.