Attention: The LIVEcommunity is experiencing an interruption with videos in some areas. We apologize for any inconvenience this may cause. Thank you for your patience as we work towards a solution to restore videos.
Hi, i use a syslog collector to receive ip-user-mappings from an Juniper Secure Access Gateway. It works quite fine, i created a custom syslog filter on my paloalto and created the correspondig Server Monitor entry for my Juniper Systems. a simple "show user server-monitor state all" on the commandline shows that the collector receives the corresponding logs and that the filter works: UDP Syslog Listener Service is enabled SSL Syslog Listener Service is disabled Proxy: xxxxx Host: xxxxx(1xxx.xxx.xxx.xxx) number of log messages : 83 number of auth. success messages : 16 additionaly the commands "show user ip-user-mapping all type SYSLOG" show that the current mappings: IP From User IdleTimeout(s) MaxTimeout(s) --------------- ------- --------------------------- -------------- ------------- xxx.xxx.xxx.xxx SYSLOG xxx 2429 2429 xxx.xxx.xxx.xxx SYSLOG xxx 1619 1619 xxx.xxx.xxx.xxx SYSLOG xxx 2404 2404 xxx.xxx.xxx.xxx SYSLOG xxx 2678 2678 Total: 4 users The probem is that my juniper does not log any keep alive messages, so when the "Idle Timeout" or the "Max Timeout" on the paloalto for the mapping is reached. The mapping will be deleted, regardless of a still existing session on my juniper. I thought that one solution might be to increase the "User Identification Timeout" but then i saw that this is a global setting on the pa and that this setting will also increase the Timeouts for my AD User-Agent and my Terminalserver-Agents. Why can there be different timeout values for the different User-ID Domains, i saw that you already seperated them ... AD Active Directory CP Captive Portal EDIR eDirectory GP Global Protect NTLM NTLM SSL/VPN SSL VPN SYSLOG Syslog UIA User-ID Agent UNKNOWN Unknown XMLAPI XML API Kind regards Christoph
... View more