3 Replies. Latest reply: Apr 30, 2014 4:35 PM by pcoates

    msntw auth messages stored in messages file

    pcoates

      Hey Guys,

       

      On a version 8.3.x firewall utilizing domain authentication, the MSNTW service writes every authentication (authentication is for SmartFilter access) to the messages file. The format is as follows (scrubbed):

       

      Jan 27 08:30:01 HOSTNAME msntw: NTLM server step 1

      Jan 27 08:30:03 HOSTNAME last message repeated 2 times

      Jan 27 08:30:03 HOSTNAME msntw: client flags: ffff8207

      Jan 27 08:30:03 HOSTNAME msntw: NTLM server step 2

      Jan 27 08:30:03 HOSTNAME msntw: client user: USERNAME

      Jan 27 08:30:03 HOSTNAME msntw: client domain: DOMAIN

      Jan 27 08:30:04 HOSTNAME msntw: NTLM server step 1

       

      I checked the authenticator.conf file and no debug mode is set for the authenticator.

       

      Does anyone know how to disable this logging to the messages file?

       

      Thanks

       

      Message was edited by: pcoates on 1/31/14 3:59:37 PM CST
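One way to measure how much of the messages file this msntw output accounts for, before and after any log-level change (an added example, not part of the original post). It assumes the syslog line layout quoted above; the function and constant names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the scrubbed lines quoted in the post above.
SAMPLE = """\
Jan 27 08:30:01 HOSTNAME msntw: NTLM server step 1
Jan 27 08:30:03 HOSTNAME last message repeated 2 times
Jan 27 08:30:03 HOSTNAME msntw: client flags: ffff8207
Jan 27 08:30:03 HOSTNAME msntw: NTLM server step 2
Jan 27 08:30:03 HOSTNAME msntw: client user: USERNAME
Jan 27 08:30:03 HOSTNAME msntw: client domain: DOMAIN
Jan 27 08:30:04 HOSTNAME msntw: NTLM server step 1
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (.*)$")   # timestamp, host, rest
REPEAT = re.compile(r"^last message repeated (\d+) times?$")
KINDS = ("NTLM server step", "client flags:", "client user:", "client domain:")

def summarize(text):
    """Return (Counter of msntw line kinds, [(domain, user), ...])."""
    counts, logins = Counter(), []
    last_kind = user = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group(1)
        rep = REPEAT.match(rest)
        if rep:
            # syslog collapses duplicates; credit them to the previous
            # line, but only if that line came from msntw.
            if last_kind:
                counts[last_kind] += int(rep.group(1))
            continue
        if not rest.startswith("msntw: "):
            last_kind = None
            continue
        body = rest[len("msntw: "):]
        last_kind = next((k.rstrip(":") for k in KINDS if body.startswith(k)), "other")
        counts[last_kind] += 1
        value = body.partition(": ")[2]
        if last_kind == "client user":
            user = value
        elif last_kind == "client domain" and user is not None:
            logins.append((value, user))
            user = None
    return counts, logins

if __name__ == "__main__":
    counts, logins = summarize(SAMPLE)
    print(dict(counts), logins)
```

Running it over the same time window before and after a configuration change shows whether the step-level lines actually stopped.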
        • 1. Re: msntw auth messages stored in messages file
          pcoates

          Bump.

           

          Just following up to see if anyone had any ideas on this? I actually never got around to finding a solution/answer.

           

          Cheers,

           

          Pete

          • 2. Re: msntw auth messages stored in messages file
            rsweeney

            Hi Pete,

             

            Have you already looked at KB63305 on kc.mcafee.com?

            Looking at man msntw, I do see there are 3 log levels.

            The output in your post seems to indicate you might be set to log level 2 (Log the results of steps during authentication process).

             

            You might be able to follow the steps in KB63305 to change the log level to 1 (Log only fatal errors and authentication results).

             

            -Ryan

            • 3. Re: msntw auth messages stored in messages file
              pcoates

              That's what I was originally expecting to find; however, there are no debug options specified in my config.

               

              SNIP from /secureos/etc/warder/authenticator.conf:

               

              authenticator(ntlm /usr/libexec/msntw config_file[] directory[/var/run/authenticator/ntlm] env(domain[mNTw] user[] group[] core[] files[2048] memory[] processes[2000] stack[] rss[]) pidfile(/var/run/authenticator/ntlm/msntw.pid lock) valid[yes] enabled[on] args[-c /etc/sidewinder/authenticator/ntlm.conf] service_name[msntw] failure_event[SERVICE_FAILURE])

               

               

              So I guess I could try the following and see if it stopped it:

               

               

              authenticator(ntlm /usr/libexec/msntw config_file[] directory[/var/run/authenticator/ntlm] env(domain[mNTw] user[] group[] core[] files[2048] memory[] processes[2000] stack[] rss[]) pidfile(/var/run/authenticator/ntlm/msntw.pid lock) valid[yes] enabled[on] args[-c /etc/sidewinder/authenticator/ntlm.conf -1] service_name[msntw] failure_event[SERVICE_FAILURE])