01-18-2013 11:27 AM
3 questions:
Why does the Agent (and PAN) not get updated when a new user logs in?
What is the purpose of the “Enable user Identification Timeout” and the corresponding “User Identification Timeout (min.)” in the Agent? What will be the result if we disable this setting altogether? We do not use NetBIOS or WMI probing at this time.
User Identification Timeout is enabled and set to 180 min our agent. We believe this is why there was a 3 hour delay, but since the agent is updated from the AD logs every 5 seconds, I do not see the point in this setting. What is its intent? We plan to change it to 5 min. What will be the effect if we just disable it? "User Identification Timeout" provided no results in the support portal.
01-29-2013 03:22 PM
User Identification Timeout is set so that you may flush out older entries.
Typically you do want to set a Timeout value, even though when a new user logs into a particular IP address, the user to ip mapping will be created for that user (and the older user at that IP address may have logged out already)
The UserID agent does not track log out events so unless there is a timeout value set, you could potentially have an indefinite entry for a user / ip mapping and use up all the memory resources over time.
Hope this helps.
The following Tech Note has helpful info.
01-21-2013 07:35 PM
I believe that the User Timeout settings determines how long the Agent will retain the User to IP mapping.
Typically it is recommended to keep this number at 1/2 of your DHCP lease time.
The reason is that the DHCP standard has users asking for their DHCP address ever 1/2 of their lease time.
So a user with a lease time of 16 hours, would have its DHCP address renewed at the 8 hour mark.
So if you configure your Timeout value to match 8 hours, when the user retains (or obtains a new IP address), the UserID mapping is now also updated.
There are many docs written that describe the UserID functionality, but do not specifically call out the User Identification Timeout value.
I had a to read a few of the docs to put it all together.
Hope this helps.
01-29-2013 03:22 PM
User Identification Timeout is set so that you may flush out older entries.
Typically you do want to set a Timeout value, even though when a new user logs into a particular IP address, the user to ip mapping will be created for that user (and the older user at that IP address may have logged out already)
The UserID agent does not track log out events so unless there is a timeout value set, you could potentially have an indefinite entry for a user / ip mapping and use up all the memory resources over time.
Hope this helps.
The following Tech Note has helpful info.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
