Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
0
Helpful
0
Replies

Multiplicated session directory objects in pxGrid session feed

mbisko
Level 1
Level 1

‎03-09-2020 02:36 PM

Hello,

for our project we use session information feed from pxGrid. Everythink is ok except session information content.

For some messages, mostly DISCONNECTED status, we receive the same information several times:

We receive this feed from ISE-PIC, 2.4.0.357, patch 9. ISE-PIC is fed by syslog from production ISE.

 

username and domain details are changed but I can privately provide full logs.

Interestingly all record contain the same timestamp but they are sent at different times. These are kind of "bulk updates" that contain more session objects in one shot.

 

Also I have observed that the duplicates are sent in 5 minutes interval and I have seen it in other few debugged cases as well:

2020-03-09 15:20:16.1997

delta 1:30 min (if this interval is always 1:30, I cannot prove)

2020-03-09 15:21:36.2273

delta 5 min

2020-03-09 15:26:36.3338

delta 5 min

2020-03-09 15:31:36.4542

 I have also confirmed from ISE logs that the objects are for sure sent by ISE.

 

2020-03-09 15:20:16.1997->{"timestamp": "2020-03-09T15:20:15.082+01:00", "state": "DISCONNECTED", "userName": "ppxxx", "callingStationId": "172.17.90.141", "ipAddresses": ["172.17.90.141"], "macAddress": "a0-a4-c5-b1-44-b9", "adNormalizedUser": "ppxxx", "adUserDomainName": "alxx.com", "adUserNetBiosName": "ALXX", "providers": ["Syslog"], "endpointCheckResult": "none", "endpointCheckTime": "2020-03-09T15:20:15.082+01:00", "identitySourcePortStart": 0, "identitySourcePortEnd": 0, "identitySourcePortFirst": 0, "mdmRegistered": false, "mdmCompliant": false, "mdmDiskEncrypted": false, "mdmJailBroken": false, "mdmPinLocked": false}]}
2020-03-09 15:21:36.2273->{"timestamp": "2020-03-09T15:20:15.082+01:00", "state": "DISCONNECTED", "userName": "ppxxx", "callingStationId": "172.17.90.141", "ipAddresses": ["172.17.90.141"], "macAddress": "a0-a4-c5-b1-44-b9", "adNormalizedUser": "ppxxx", "adUserDomainName": "alxx.com", "adUserNetBiosName": "ALXX, "providers": ["Syslog"], "endpointCheckResult": "none", "identitySourcePortStart": 0, "identitySourcePortEnd": 0, "identitySourcePortFirst": 0, "mdmRegistered": false, "mdmCompliant": false, "mdmDiskEncrypted": false, "mdmJailBroken": false, "mdmPinLocked": false}
2020-03-09 15:26:36.3338->{"timestamp": "2020-03-09T15:20:15.082+01:00", "state": "DISCONNECTED", "userName": "ppxxx", "callingStationId": "172.17.90.141", "ipAddresses": ["172.17.90.141"], "macAddress": "a0-a4-c5-b1-44-b9", "adNormalizedUser": "ppxx", "adUserDomainName": "alxx.com", "adUserNetBiosName": "ALXX, "providers": ["Syslog"], "endpointCheckResult": "none", "identitySourcePortStart": 0, "identitySourcePortEnd": 0, "identitySourcePortFirst": 0, "mdmRegistered": false, "mdmCompliant": false, "mdmDiskEncrypted": false, "mdmJailBroken": false, "mdmPinLocked": false}
2020-03-09 15:31:36.4542->{"timestamp": "2020-03-09T15:20:15.082+01:00", "state": "DISCONNECTED", "userName": "ppxxx", "callingStationId": "172.17.90.141", "ipAddresses": ["172.17.90.141"], "macAddress": "a0-a4-c5-b1-44-b9", "adNormalizedUser": "ppxxx", "adUserDomainName": "alxx.com", "adUserNetBiosName": "ALXX", "providers": ["Syslog"], "endpointCheckResult": "none", "identitySourcePortStart": 0, "identitySourcePortEnd": 0, "identitySourcePortFirst": 0, "mdmRegistered": false, "mdmCompliant": false, "mdmDiskEncrypted": false, "mdmJailBroken": false, "mdmPinLocked": false}

 

Is this ISE bug? Or something that we should count with and which has its reason?

 

Thank you for your help, Martin

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents