No source user in logs post 8.1.2 upgrade

L2 Linker

No source user in logs post 8.1.2 upgrade

At the weekend I upgraded all our boxes from 8.0.9 to 8.1.2 as we need to make use of the new GP - Split Tunnel by URL features & Enhanced UserId coolness. Yes, I know - this was brave :-)


Everything seems to be working as expected & as it was pre-upgrade with the exception of logging, where we no longer get the SourceUser in the logs for Traffic or URL logs in two locations.


We are using UserId agent version 8.1.2 , & I can see that the IP - username mapping is working as expected via show user ip-user-mapping ip xxxxx from the CLI, the policy is also enforcing user / group rules as expected - however the logging for traffic just has an empty field for SourceUser where pre-upgrade it was populated correctly.


This problem appears on our HA 3020 cluster and our HA 3050 cluster (both Active / Passive) - not on our standalone 820 / 500 / 220 which are using the same config & useridagents since the policy is pushed from Panorama to all devices.


Anyone have any ideas ?


Thanks - Nick.

L7 Applicator

Re: No source user in logs post 8.1.2 upgrade


I would really recommend contacting TAC so that they can gather files if this is a bug, and it kind of sounds like a bug. 

L2 Linker

Re: No source user in logs post 8.1.2 upgrade

For completeness - this was fixed in 8.1.3, along with another issue for clustered servers whereby dynamic updates for anti-virus patterns stopped being installed correctly & evenutally stopped the active node in the cluster accepting commits.


8.1.3 is appearing to be stable, at least for us !

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!