cancel
Showing results for 
Search instead for 
Did you mean: 
jont717
Level 12
Report Inappropriate Content
Message 1 of 9

How to log Administrator user that logs into server locally

Jump to solution

How do I log the Administrator user account that we use to log on locally to our servers? 

I have it setup to not authenticate our server VLAN...so all we see in the log files is " " (blank) for user name.

There must be a way to bring in the Administrator user name, because on the Authentication Required message it knows the user is Administrator.

1 Solution

Accepted Solutions

Re: How to log Administrator user that logs into server locally

Jump to solution

Hello,

I have attached a sample rule set, which should do the trick:

Bildschirmfoto-50.png

It basically only applies when the Client IP address is in a specific range (of course other criteria can be used here), and if the criteria matches the Username is written into the appropriate property.

Best,

Andre

8 Replies
Highlighted

Re: How to log Administrator user that logs into server locally

Jump to solution

Hello,

sorry I do not understand the question. What kind of Administrator users?

Are we talking about Users logging in to the GUI?

In which Log files do you want to see those users and where can you actually see them?

Are we talking about version 6 or 7?

Please share some more insight, I think we may find something to help you then.

Best,

Andre

jont717
Level 12
Report Inappropriate Content
Message 3 of 9

Re: How to log Administrator user that logs into server locally

Jump to solution

We log into our servers, Windows 2003 Windows 2008, with the Administrator account.  We log onto these servers locally, not onto our domain.  These servers are still sent to the Gateways via WCCP.

How can local users that are not authenticated be logged (we don't authenticate our server vlan but they still go through the gateway)?  It must be able to pull the "Administrator" account name somehow so it is not just blank in the log files.

Re: How to log Administrator user that logs into server locally

Jump to solution

Hello,

if you are not calling any kind of authentication at the proxy server I do not think we have a chance to log the username. In the initial post you mentioned that you can see the Username somewhere. Can you let me know where you see it?

How is authentication usually done? Are you using the authentication server? I think if you see "some" lines in the logs that do show a correct Username that this Username is coming from the Auth server, but hard to say.

Best,

Andre

jont717
Level 12
Report Inappropriate Content
Message 5 of 9

Re: How to log Administrator user that logs into server locally

Jump to solution

We authenticate with NTLM with Active Directory.   Can we fake an authentication just to pull the Administrator user name and then not have them authenticate but log the user name?

Re: How to log Administrator user that logs into server locally

Jump to solution

Hello,

you need to have a chance to identify those users, which is what the authentication usually does. For example if the Client IP address is always the same you should be able to put in a rule
(assuming we are using MWG 7 here) that writes a Username into the appropriate property, if the Client IP matches a specific range/list or something.

Is this that you are basically looking for?

Best,

Andre

jont717
Level 12
Report Inappropriate Content
Message 7 of 9

Re: How to log Administrator user that logs into server locally

Jump to solution

Yes.  Our servers are all on the same VLAN and will always have the same IP address range.

How can I make this rule?  I have 7.0.2.2

Thanks

Re: How to log Administrator user that logs into server locally

Jump to solution

Hello,

I have attached a sample rule set, which should do the trick:

Bildschirmfoto-50.png

It basically only applies when the Client IP address is in a specific range (of course other criteria can be used here), and if the criteria matches the Username is written into the appropriate property.

Best,

Andre

jont717
Level 12
Report Inappropriate Content
Message 9 of 9

Re: How to log Administrator user that logs into server locally

Jump to solution

This does work.  Thanks for the help.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community