FSSO, DC Agent and Collectors user logon timeout

Author
AlexeyU
2020/08/20 00:18:33

Hi All, 
 
I have two DCs and one Collector which monitors those DCs in Agent mode.
 
Current time: 10:09.
In the Collector, 'DC Agent Status' shows the last logon event received at 10:08:37.
When I open the 'Logon user list' and sort by time, the last record has a logon time of 05:32:09, and my user is not in the list.
 
I logged off and on again on a test machine and my user is not shown in the logon user list. I checked the logon server and it is one of the monitored DCs.
I have 'Group filters' for Domain Users, and all users must be in the logon users list.
post edited by AlexeyU - 2020/08/20 01:43:38
#1


    xsilver
    Re: FSSO, DC Agent and Collectors user logon timeout 2020/09/11 02:05:59
    Hi,
     
    The Collector agent processes logons with some internal logic before they make it to the user list, and maybe to a connected FortiGate.
     
    1. Make sure that the workstation is connected to the DC (echo %logonserver%) and that this DC is monitored by your DCAgent (as you mentioned Agent mode).
     
    2. Make sure the DCAgent does report to your Collector, either from the config/registry of the DCAgent or by checking the end of the exported config from the Collector; if the DCAgent is hooked OK, it should be listed there.
     
    3. Make sure that the IP/hostname of your workstation is correct in DNS; if it is impossible to resolve the hostname from the logon event to an IP, that event will be discarded => no user list record.
     
    4. Make sure the Collector is able to resolve the group membership of spotted users.
     
    5. If the Collector is set with a Group Filter, then make sure the user in the event belongs to at least one of the groups configured in the filter. Group Filters govern which users from the global user list on the Collector will be sent, according to filter and group membership, to which destination FortiGate (or any connected FortiGate if the Global filter is used). If there is no destination (group filter record) to send such a logon to (the user's group membership is not used anywhere in the filters), then processing of that logon is terminated, as it would be useless.
     
    If the user logon makes it this far, then it is in the user list on the Collector.
    If it matches any of the set Group Filters, then this logon is sent to the matching FortiGate according to the Filters.
     

    Kind Regards,
    Tomas
    #2
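
Steps 1, 3 and 5 of the reply above can be scripted as a pre-check on the Collector host. This is an added example, not part of the original thread or of any Fortinet tooling; the function name, host names, user and group values are constructed placeholders, and it assumes the DnsClient and ActiveDirectory (RSAT) PowerShell modules are available.

```powershell
# Added example; DC01, DC02, WS-TEST01 and jdoe are constructed placeholders.
# Run on the Collector host. Requires the DnsClient and ActiveDirectory (RSAT) modules.
function Test-FssoLogonPrereqs {
    param(
        [Parameter(Mandatory)][string]   $LogonServer,   # output of "echo %logonserver%" on the workstation
        [Parameter(Mandatory)][string]   $Workstation,   # hostname as reported in the logon event
        [Parameter(Mandatory)][string]   $User,          # sAMAccountName of the test user
        [Parameter(Mandatory)][string[]] $MonitoredDCs,  # DCs with the DC Agent installed
        [Parameter(Mandatory)][string[]] $FilterGroups   # group names used in the Group Filters
    )

    # Step 1: the authenticating DC must be one of the monitored DCs.
    # Compare short names so "\\DC01" matches "dc01.example.local".
    $dc    = $LogonServer.TrimStart('\')
    $short = $MonitoredDCs | ForEach-Object { ($_ -split '\.')[0] }
    [pscustomobject]@{ Check = 'Logon server is a monitored DC'
                       Passed = $short -contains $dc; Detail = $dc }

    # Step 3: the workstation name must resolve to an IP from the Collector,
    # otherwise the logon event is discarded.
    $ips = @(Resolve-DnsName -Name $Workstation -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
    [pscustomobject]@{ Check = 'Workstation resolves in DNS'
                       Passed = $ips.Count -gt 0; Detail = $ips -join ', ' }

    # Step 5: the user must belong to at least one group named in a Group Filter.
    # Only direct memberships are listed here; nested groups are not expanded.
    $groups = @(Get-ADPrincipalGroupMembership -Identity $User | ForEach-Object { $_.Name })
    $hits   = @($groups | Where-Object { $FilterGroups -contains $_ })
    [pscustomobject]@{ Check = 'User is in a filtered group'
                       Passed = $hits.Count -gt 0; Detail = $hits -join ', ' }
}

Test-FssoLogonPrereqs -LogonServer '\\DC01' -Workstation 'WS-TEST01' -User 'jdoe' `
    -MonitoredDCs 'DC01', 'DC02' -FilterGroups 'Domain Users' | Format-Table -AutoSize
```

Steps 2 and 4 depend on the Collector's own configuration and are not covered by this script.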