Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
832
Views
0
Helpful
2
Replies

CAM logout traps

Go to solution
Thompso7540_2
Level 1
Level 1

‎11-30-2010 06:25 AM - edited ‎03-09-2019 11:17 PM

   can someone tell me the differences between these messages in our CAM version 4.7.2 ?

what are the differences between the three?

Authentication2010-11-30 09:13:36[00:0B:6B:01:D6:A3 ## 10.122.18.97] lindsey.hunter - Logged out successfully

Administration2010-11-30 09:11:25

[70:1A:04:8C:15:73 ## 172.31.156.78] bmcstudent  - forcefully logged out by Administrator

Authentication2010-11-30 09:11:21Unable to ping 172.31.156.78, going to logout user bmcstudent
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Lauren Sullivan
Level 1
Level 1

‎11-30-2010 11:51 AM

Hi Bryan,

Authentication2010-11-30 09:13:36[00:0B:6B:01:D6:A3 ## 10.122.18.97] lindsey.hunter - Logged out successfully

This is a user being logged out based on something the user did - either logging out of the agent or, if you have "Logoff NAC Agent users from network on their machine logoff or shutdown" checked, by their computer logging off or shutting down.

Administration2010-11-30 09:11:25

[70:1A:04:8C:15:73 ## 172.31.156.78] bmcstudent  - forcefully logged out by Administrator

Authentication2010-11-30 09:11:21Unable to ping 172.31.156.78, going to logout user bmcstudent

These two logs go together.  It looks like you have a heartbeat timer set - so in this case, the earlier error (9:11:21) is the heartbeat timer expiring, and the latter is the user being logged out due to it.  Heartbeat timers are configured under User Management > User Roles > Schedule, and basically just check using ARP that a user is still reachable.  So if you have the timer set to 5 minutes, if the CAS doesn't get a response from the user for over 5 minutes, it'll log them out.  Here's the section from the guide on heartbeat timers: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_trfpol.html#wp1047194

Does that make sense?

Thanks,

Lauren

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Lauren Sullivan
Level 1
Level 1

‎11-30-2010 11:51 AM

Hi Bryan,

Authentication2010-11-30 09:13:36[00:0B:6B:01:D6:A3 ## 10.122.18.97] lindsey.hunter - Logged out successfully

This is a user being logged out based on something the user did - either logging out of the agent or, if you have "Logoff NAC Agent users from network on their machine logoff or shutdown" checked, by their computer logging off or shutting down.

Administration2010-11-30 09:11:25

[70:1A:04:8C:15:73 ## 172.31.156.78] bmcstudent  - forcefully logged out by Administrator

Authentication2010-11-30 09:11:21Unable to ping 172.31.156.78, going to logout user bmcstudent

These two logs go together.  It looks like you have a heartbeat timer set - so in this case, the earlier error (9:11:21) is the heartbeat timer expiring, and the latter is the user being logged out due to it.  Heartbeat timers are configured under User Management > User Roles > Schedule, and basically just check using ARP that a user is still reachable.  So if you have the timer set to 5 minutes, if the CAS doesn't get a response from the user for over 5 minutes, it'll log them out.  Here's the section from the guide on heartbeat timers: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_trfpol.html#wp1047194

Does that make sense?

Thanks,

Lauren

0 Helpful

Go to solution
Thompso7540_2
Level 1
Level 1
In response to Lauren Sullivan

‎12-01-2010 08:07 AM

great - thanks lauren

0 Helpful
Customers Also Viewed These Support Documents