- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-18-2016 12:39 PM
Has any one expereinced any issue to where the ACC shows source user-id but when ser report is ran its blank? Equallu I do not se user name in Traffic logs but when I filter by source user the name shows up. I tried restarting agent and everything still no luck. I also can see user name in User ID agent on windows machine
05-23-2016 07:08 AM
Hi...By default, the traffic log is showing only the last X number of lines of recent logs and maybe those logs do not have a source user? If you scroll to the next page(s), do you see the source users?
To verify if the PA has userID information, you can issue this CLI command:
admin@pa200> show user ip-user-mapping all
This userID information is applied to all traffic and is used to record logs.
Thanks.
05-23-2016 04:47 PM
Yes, tried all the above. Whats equally strange is the all looks fine via CLI. I get group mapping and everything but as soon as a show session all filter source-user it shows no actie sesssions and even looking at logs it shows source user ip as the firewall itself user name is the WMI setup user name but no individual users at all.
admin@cobmqic3bpafw01(active)> show user server-monitor statistics
Directory Servers:
Name TYPE Host Vsys Status
-----------------------------------------------------------------------------
qcdc01.org AD vsys1 Connected
dmin@cobmqic3bpafw01(active)> show user ip-user-mapping all
IP Vsys From User IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- -------------------------------- -------------- -------------
10.20x.x.5 vsys1 AD qic\ser_qicb_vdidesktop 2688 2688
10.xx.4.13 vsys1 AD qic\ser_qica2_vco 631 631
10.204.9.x vsys1 AD qic\ser_qicb_visql 1884 1884
05-31-2016 09:30 AM
Wanted to close loop on this. When setting up UIA whether using the agent or agentless one think that need to be look at is betweem domains if communication needed then from a server perspective it needs to be confirmed that there is a trust relationship built between the domains. Whether it be 1 way trust or bidirection. If the this not done then user-ids will never show up in traffic logs. This equally will create issue of user activity reports being blank. I workef with my server team to build this repaltionship and it worked like a charm and all UID's are flowing now.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!