Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
537
Views
0
Helpful
2
Replies

LMS 4.0.1, Understanding Change Audit Report.

andrea.meconi
Explorer
Explorer

‎06-28-2011 03:03 AM

Hello.

I need to understand why change audit report reports an unused username

From help...

Name of the user who performed the change. This is the name  entered when the user logged in. It can be the name under which the LMS  application is running, or the name using which the change was performed on the  device.

The User Name field may not always reflect the user name. The  User Name is reflected only when:

  • A config change was performed using LMS.
  • A config change was performed outside of LMS, but the  network has username-based AAA security model, wherein authentication is  performed by an AAA server, which could be TACACS/RADIUS or local.

Regards.

Andrea

Labels:
0 Helpful
2 Replies 2

Michel Hegeraat
Rising star
Rising star

‎06-28-2011 04:01 AM

If you filter on configuration changes then it would appear that the changes are made using a local user or on the console

Did you analyse what the changes are?

Changes detected on for example "ntp clock period" are not done by anyone. There are not really changes.

Cheers,

Michel

0 Helpful

andrea.meconi
Explorer
Explorer
In response to Michel Hegeraat

‎06-28-2011 05:34 AM

Hello Michel and many thanks for your help.

There are many changes: ACLs and so on...

LMS reports a change made overtime by an user without privileges to login to firewall console!

Regards.

Andrea

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents