the synchronize users button has a different function. It will try to move uses from the anonymous directory to any configured directory. But if there is no user name, then they would not be moved.
If Web Reporter doesn't have a user name then here are some possibilities.
1) User name was not logged (or users possibly not authenticated) check the access log for user names
2) Assuming that the user name is in the log, then the "username" header isn't properly alighned over the right column. I doubt this is the case unless every value in that column is a "-" because otherwise your usernames would be anything in that column.
It's really odd. I've logged a call with Support, but was just wondering whether anybody else had seen this in their environment.
I've had a reply from support explaining the scenarios when a report would show the username as being a dash ' - ',
This mainly happens when:
- user authenticated by IP
- user authentificated by destination site
- global white list
- bypass rule
These scenarios make sense, however, none of the above seem relevant to me. The report I have run is searching for all users who have accessed a particular URL on a particular date. We do not have any bypass authentication rules configured for the destination URL/IP address, nor is it in a Global Whitelist rule.
As I mentioned in the original post, I am using a static IP address and can see entries for my IP address in the report, some of the entries have resolved my username and some of the entries are showing me as an anonymous username.
That's what's confusing me.... I don't see how it is able to resolve my username on some occasions and then show me as anonymous on other occasions. (All referencing the same URL)
HTTP status code 407 (proxy auth) are not imported by Web Reporter because it would cause "double" reporting, and therefore you cannot run a report against 407 requests. But Eelsasser is correct that the reason for double requests (one with username and one without) is that the first request hasn't been authenticated, so they are redirected for auth. After authentication, they will make the same request with credentials and you will see the user name. But for this very reason, the 407 is dropped by Web Reporter.
My original post is still withstanding. If user names are in your logs, then the header doesn't match.
Take you access log and filter it to remove 407's like this.
grep -v " 407 " accessyyyymmddhhMMss.log > filtered_access.log
Then look at the filtered results for any remaining requests that are not authenticated.