No User ID in traffic logs (unless I filter soruce user afterwards) and User activity report blank

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

No User ID in traffic logs (unless I filter soruce user afterwards) and User activity report blank

L4 Transporter

Has any one  expereinced any issue to where the ACC shows source user-id but when ser report is ran its blank? Equallu I do not se user name in Traffic logs but  when I filter by source user the name shows up. I tried restarting agent and everything still no luck. I also can see user name in User ID agent on windows machine

3 REPLIES 3

L6 Presenter

Hi...By default, the traffic log is showing only the last X number of lines of recent logs and maybe those logs do not have a source user?  If you scroll to the next page(s),  do you see the source users?  

 

To verify if the PA has userID information, you can issue this CLI command:

 

admin@pa200> show user ip-user-mapping all

 

This userID information is applied to all traffic and is used to record logs.  

 

Thanks.

L4 Transporter

Yes, tried all the above. Whats equally strange is the all looks fine via CLI. I get group mapping and everything but as soon as a show session all filter source-user it shows no actie sesssions and even looking at logs it shows source user ip as the firewall itself  user name is the WMI setup user name but no individual users at all.

 

admin@cobmqic3bpafw01(active)> show user server-monitor statistics

Directory Servers:
Name TYPE Host Vsys Status
-----------------------------------------------------------------------------
qcdc01.org AD  vsys1 Connected

 

 

dmin@cobmqic3bpafw01(active)> show user ip-user-mapping all

IP Vsys From User IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- -------------------------------- -------------- -------------
10.20x.x.5 vsys1 AD qic\ser_qicb_vdidesktop 2688 2688
10.xx.4.13 vsys1 AD qic\ser_qica2_vco 631 631
10.204.9.x vsys1 AD qic\ser_qicb_visql 1884 1884

 

 

L4 Transporter

Wanted to close loop on this. When setting up UIA whether using the agent or agentless  one think that need to be look at is betweem domains if communication needed then from a server perspective it needs to be confirmed that there is a trust relationship built between the domains. Whether it be 1 way trust or bidirection. If the this not done then user-ids will never show up in traffic logs. This equally will create issue of user activity reports being blank. I workef with my server team to build this repaltionship and it worked like a charm and all UID's are flowing now.

  • 2383 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!