Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

USER-ID debug logs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

USER-ID debug logs

L3 Networker

Hi,

 

 

I saw several articles which describe agentless user-id debugging and all show different ways (commands and output files), so I'm not sure which way is right and how to debug and see user login, logout and group mapping process for agentless user-id...I'll be very appreciate if someone share this information! 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hi

 

Depending on the issue you are trying to investigate some commands will be more useful than others

a good place to start is by looking in the debug logging, this will probably contain most of the information you're after:

> debug user-id on debug
> less mp-log useridd.log

 

when you're done don't forget to set debug level to a lower setting

 

> debug user-id on info

 

 

several show commands will come in handy to see if all the mappings/groups are working fine

 

> show user server-monitor state all
> show user server-monitor statistics
> show user user-IDs 
> show user ip-user-mapping all
> show user group list
> show user group name <name>
> show user group-mapping state all

and some further debug commands:

 

 

to get a listing of all users

 

> debug user-id dump idmgr type user all

 

to get a listing of all groups:

 

> debug user-id dump idmgr type user-group all

 

you can also try resetting/clearing mapping if you need to manually refresh all the mappings (if the automatic update is failing or during troubleshooting)

 

> debug user-id reset group-mapping all
> debug user-id refresh group-mapping all
> clear user-cache all
> clear user-cache-mp all

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

1 REPLY 1

Cyber Elite
Cyber Elite

Hi

 

Depending on the issue you are trying to investigate some commands will be more useful than others

a good place to start is by looking in the debug logging, this will probably contain most of the information you're after:

> debug user-id on debug
> less mp-log useridd.log

 

when you're done don't forget to set debug level to a lower setting

 

> debug user-id on info

 

 

several show commands will come in handy to see if all the mappings/groups are working fine

 

> show user server-monitor state all
> show user server-monitor statistics
> show user user-IDs 
> show user ip-user-mapping all
> show user group list
> show user group name <name>
> show user group-mapping state all

and some further debug commands:

 

 

to get a listing of all users

 

> debug user-id dump idmgr type user all

 

to get a listing of all groups:

 

> debug user-id dump idmgr type user-group all

 

you can also try resetting/clearing mapping if you need to manually refresh all the mappings (if the automatic update is failing or during troubleshooting)

 

> debug user-id reset group-mapping all
> debug user-id refresh group-mapping all
> clear user-cache all
> clear user-cache-mp all

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1 accepted solution
  • 10036 Views
  • 1 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!