04-13-2015 02:56 PM - edited 03-12-2019 05:39 AM
I've installed User Agent version 2.2 in an Windows 2008 Server to pooling our 2 AD server.
Everything appears to be OK. The 2 servers appears as "available" in Polling Status column, and Sourcefire DC connection appears as "available" in Status column.
But no user appears on Firesight Analysis->Users->Users.
In Logs Tab, an error appears: "[0226] - Unable to write to log events: [INSERT INTO event_records ...". Screenshot attached.
Any ideas? I already tried 2.1.1 and 2.0 versions.
04-14-2015 09:57 PM
Make sure that you have enabled log on log off events recorded in AD.
04-15-2015 08:22 AM
Not appears to be the case.
These error events in log, shows usernames. I understand that User Agent are receiving Logone/Logoff events.
I don't know if error is at the local database or remote (Firelight).
05-21-2015 08:49 AM
Hi,
i experience the same issue. Did you get it fixed?
Thanks in advance!
Denny
05-21-2015 10:01 AM
That's what i found.... looks like a nice little bug ;)
https://tools.cisco.com/quickview/bug/CSCze90399
05-28-2015 03:00 AM
No :( we really need information about users.
05-28-2015 06:32 AM
Solution:
06-18-2015 02:39 AM
Any solution for this?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: