How to View User-ID Logs

With agentless User-ID, the user mappings are directly obtained by the queries made by the firewall itself on the domain controller.

The IP-user mapping logs can be viewed by performing the steps below.

Steps

1. Turn on logging for ip-user mapping
   

   > debug user-id log-ip-user-mapping yes

2. View the log
   

   > show log userid
   1,2013/03/28 12:53:05,001701000225,USERID,login,12,2013/03/28 12:53:05,vsys1,172.17.
   128.92,plano2008r2\administrator,test,0,1,2700,0,0,active-directory,unknown,1,0x0
   1,2013/03/28 12:53:05,001701000225,USERID,login,12,2013/03/28 12:53:05,vsys1,172.17.
   128.92,plano2008r2\administrator,test,0,1,2700,0,0,active-directory,unknown,2,0x0
   1,2013/03/28 12:53:05,001701000225,USERID,login,12,2013/03/28 12:53:05,vsys1,172.17.
   128.92,plano2008r2\administrator,test,0,1,2700,0,0,active-directory,unknown,3,0x0
   1,2013/03/28 12:53:05,001701000225,USERID,login,12,2013/03/28 12:53:05,vsys1,172.17.
   128.92,plano2008r2\administrator,test,0,1,2700,0,0,active-directory,unknown,4,0x0

3. Turn off logging
   

   > debug user-id log-ip-user-mapping no

See also

For more information on User-ID, please see the following link:

User-ID resource list

owner: anatrajan