cancel
Showing results for 
Search instead for 
Did you mean: 
jont717
Level 12

How to log Administrator user that logs into server locally

Jump to solution

How do I log the Administrator user account that we use to log on locally to our servers? 

I have it setup to not authenticate our server VLAN...so all we see in the log files is " " (blank) for user name.

There must be a way to bring in the Administrator user name, because on the Authentication Required message it knows the user is Administrator.

0 Kudos
1 Solution

Accepted Solutions
asabban
Level 17

Re: How to log Administrator user that logs into server locally

Jump to solution

Hello,

I have attached a sample rule set, which should do the trick:

Bildschirmfoto-50.png

It basically only applies when the Client IP address is in a specific range (of course other criteria can be used here), and if the criteria matches the Username is written into the appropriate property.

Best,

Andre

0 Kudos
8 Replies
asabban
Level 17

Re: How to log Administrator user that logs into server locally

Jump to solution

Hello,

sorry I do not understand the question. What kind of Administrator users?

Are we talking about Users logging in to the GUI?

In which Log files do you want to see those users and where can you actually see them?

Are we talking about version 6 or 7?

Please share some more insight, I think we may find something to help you then.

Best,

Andre

0 Kudos
jont717
Level 12

Re: How to log Administrator user that logs into server locally

Jump to solution

We log into our servers, Windows 2003 Windows 2008, with the Administrator account.  We log onto these servers locally, not onto our domain.  These servers are still sent to the Gateways via WCCP.

How can local users that are not authenticated be logged (we don't authenticate our server vlan but they still go through the gateway)?  It must be able to pull the "Administrator" account name somehow so it is not just blank in the log files.

0 Kudos
asabban
Level 17

Re: How to log Administrator user that logs into server locally

Jump to solution

Hello,

if you are not calling any kind of authentication at the proxy server I do not think we have a chance to log the username. In the initial post you mentioned that you can see the Username somewhere. Can you let me know where you see it?

How is authentication usually done? Are you using the authentication server? I think if you see "some" lines in the logs that do show a correct Username that this Username is coming from the Auth server, but hard to say.

Best,

Andre

0 Kudos
jont717
Level 12

Re: How to log Administrator user that logs into server locally

Jump to solution

We authenticate with NTLM with Active Directory.   Can we fake an authentication just to pull the Administrator user name and then not have them authenticate but log the user name?

0 Kudos
asabban
Level 17

Re: How to log Administrator user that logs into server locally

Jump to solution

Hello,

you need to have a chance to identify those users, which is what the authentication usually does. For example if the Client IP address is always the same you should be able to put in a rule
(assuming we are using MWG 7 here) that writes a Username into the appropriate property, if the Client IP matches a specific range/list or something.

Is this that you are basically looking for?

Best,

Andre

0 Kudos
jont717
Level 12

Re: How to log Administrator user that logs into server locally

Jump to solution

Yes.  Our servers are all on the same VLAN and will always have the same IP address range.

How can I make this rule?  I have 7.0.2.2

Thanks

0 Kudos
asabban
Level 17

Re: How to log Administrator user that logs into server locally

Jump to solution

Hello,

I have attached a sample rule set, which should do the trick:

Bildschirmfoto-50.png

It basically only applies when the Client IP address is in a specific range (of course other criteria can be used here), and if the criteria matches the Username is written into the appropriate property.

Best,

Andre

0 Kudos
jont717
Level 12

Re: How to log Administrator user that logs into server locally

Jump to solution

This does work.  Thanks for the help.

0 Kudos