05-18-2016 11:25 PM - edited 03-10-2019 11:47 PM
Hello Everyone,
I need your assistance and ideas about the following syslog notification received from ISE server on our Arcsight solution :
What is the reason for such a message knowing that it was not triggered an actual configuration change ??
Appreciate sharing your ideas and experience ,
Best Regards,
Muayad Jallad,
02-09-2021 12:29 AM
Hello Everyone
We have the same syslog message for that user, we are running 2.6 patch 6
Can anyone supply an explanation of what the internal-sys-user actually does. From my understanding it is used for automatic internal system maintenance processes.
However we are unable to see what the processes are that the user has done as the descriptions in the logs a a generic " Machine Authentication Settings has been changed for Machine Authentication Settings".
Is there a way that one can check what changes the user has done?
02-09-2021 05:49 AM
Hi @franjean47
please double check the
Operations > Reports > Reports > Audit > Change Configuration Audit
Operations > Reports > Reports > Audit > Operations Audit
Hope this helps !!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide