Server Log Monitor Frequency and User-ID

Reply
Highlighted
L2 Linker

Server Log Monitor Frequency and User-ID

 

What recommended value for Server Log Monitor Frequency if we increase the from 2 Sec to 10 Sec ?

 

 

What is the relation between this queries and User Identification Timeout of 600 minutes and Server Log Monitor Freq?

 

 

 

 

 

 


Accepted Solutions
Highlighted
Cyber Elite

@NavidAlam,

This is simply how often the firewall/user-agent reads the server logs to pick up on new login events and the such. So essentially it would take up to 10 seconds before the firewall started to processes the server logs and started mapping users to new IP addresses. 

There really isn't any relationship between the User-ID timeout and the Server log monitor frequency. The user-id timeout is going to sepcify how long a user is mapped to the IP reqardless if a new log isn't seen. The Server log monitor frequency is how often the firewall is processing the server logs to identify new login events. 

Whether or not you should actually increase this value from the default of 2 seconds to 10 seconds is really dependent on your enviroment. If you work in an enviroment that is largely stable, or your user-id based policies really don't make much of a difference, then it really shouldn't effect anything. If you're in an enviroment where people change location regularly and you use user-id to restrict access via policy, then this change could cause a longer delay between the actual sign-on and the user being allowed access to these restricted destinations. 

View solution in original post


All Replies
Highlighted
Cyber Elite

@NavidAlam,

This is simply how often the firewall/user-agent reads the server logs to pick up on new login events and the such. So essentially it would take up to 10 seconds before the firewall started to processes the server logs and started mapping users to new IP addresses. 

There really isn't any relationship between the User-ID timeout and the Server log monitor frequency. The user-id timeout is going to sepcify how long a user is mapped to the IP reqardless if a new log isn't seen. The Server log monitor frequency is how often the firewall is processing the server logs to identify new login events. 

Whether or not you should actually increase this value from the default of 2 seconds to 10 seconds is really dependent on your enviroment. If you work in an enviroment that is largely stable, or your user-id based policies really don't make much of a difference, then it really shouldn't effect anything. If you're in an enviroment where people change location regularly and you use user-id to restrict access via policy, then this change could cause a longer delay between the actual sign-on and the user being allowed access to these restricted destinations. 

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!