Why does some traffic in the logs not have a user tied to the IP address at times even tho in the logs the IP has a user mapped to it most of the time. This is causing policy to be dropped down to a different level.
Most likely reason is there is no mapping at that time for that user for various reason. Once you notice that a user does not have user-name in monitor logs, run following commands :
> show user ip-user-mapping ip <ip_address_in_question>
Most probably you won't see a mapping. We need to find why it disappeared for a while, probably due to timeout (but too early to tell). Hope this helps. Thank you.
For my IP, if I look at the log, it does not do it often, but if I search my ip, and then look at the time stamp. 19:49:52 no user ID, 19:49:53 my user id, then several with my user ID, and then just a random one without my user id.
Based on your symptoms, it is most likely management-plane issue. At the end of the session when logs are generated under traffic logs, mp sends information to log receiver, if any of these process or other process are busy then most likely these information would be missed. In those scenario you will see these blank user-names. What is the software version and hardware model of your device. I would suggest restarting just the processes in question if they are running high. Hope this helps. Thank you.
Other option to troubleshoot would be look at the user id agent's logs to see if there are any information that relates to IP in question. You can run it in debug mode and once you see the issue again, go the same time frame and look for logs related to IP. Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!