Customer found the below alert on RTMT for his IM&P Publisher
SyslogSeverityMatchFound events generated: SeverityMatch : Alert MatchedEvent : Jul 28 10:22:38 CUP01 authpriv 1 sudo: xcpuser : command not allowed ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/chgrp ccmbase /var/log/active/platform/log/dbl.bin
The most similar issue I found is CSCuw99718, but customer is running v 11.5.1.13901-1 wha is supposed to be fix in this version as bug description.
Does anyone has faces this alarm before? Any clue on how to troubleshoot that?
Thanks and regard,