- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-28-2011 06:11 AM
We are running a 2008 R2 domain and the user agent is in and working. However, it keeps showing one of our domain service accounts on many (not all) of the reports and monitoring instead of the actual user that is browsing. We run the same service account that is showing up in the reports for our KACE agent and Sophos agent. Not sure if this is what's causing the Palo to pick them up, but we need a way to see the actual end user and not the service account running (if this is indeed where it is coming from). Again, this does not happen for all PCs, but quite a large percentage. Any ideas on this?
10-28-2011 06:44 AM
Does the pan-agent GUI still map the ip to the service account(via gui interface)? If not, try resetting the connection between the pan-agent and the pan device with the following command on the pan device:
> debug device-server reset pan-agent all
10-28-2011 06:23 AM
Create an ignore list and add the 'service' account so it does not overwrite the locally logged in user. Place the file in the pan-agent installation directory and then restart the pan-agent service.
"ignore_user_list.txt"
Example of names to place in the list:
ntadmin
administrator
10-28-2011 06:27 AM
I will try that, it sounds right. Is there any special syntax for what I put in the txt file or is just the fully qualified name with carriage return at the end required?
10-28-2011 06:31 AM
Service account name would be sufficient. Feel free to update the thread if you're still having issues nonetheless.
Regards,
Renato
10-28-2011 06:39 AM
Got the file in and restarted the service. The Traffic Monitoring still shows the service account going by. Does it take a while to flush the service account name out of the Security Logs on the DC maybe?
10-28-2011 06:44 AM
Does the pan-agent GUI still map the ip to the service account(via gui interface)? If not, try resetting the connection between the pan-agent and the pan device with the following command on the pan device:
> debug device-server reset pan-agent all
07-03-2013 06:44 PM
Thanks that worked for me!
nato wrote:
Create an ignore list and add the 'service' account so it does not overwrite the locally logged in user. Place the file in the pan-agent installation directory and then restart the pan-agent service.
"ignore_user_list.txt"
Example of names to place in the list:
ntadmin
administrator
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!