In general, to configure collecting information from sources, you follow these steps:
Name |
Description |
---|---|
Step 1. Configure the UserID agent settings. |
To do it, click Configure agent button under Users and devices ➜ UserID agent. |
Step 2. Configure the event source. |
You can use Microsoft Active Directory or Syslog as sources. |
When configuring the agent, you must fill in the following fields:
Name |
Description |
---|---|
Polling interval (sec.) |
Active Directory servers polling interval. The default value is 120 seconds. |
Session expiration time (sec.) |
The period of time after which the user's session will be forcibly terminated. The default value is 2700 seconds (45 minutes). |
Syslog Monitoring Interval (sec.) |
Database poll period to look for syslog-source user session start/end events. |
Ignore network list |
Lists of IP addresses the events from which should be ignored by the UserID agent. A record about the ignored source appears in the UserID agent log. You can create the list in the Libraries ➜ IP addresses or when configuring the agent (Create and add new object button). For more details about how to create and configure IP address lists, see IP addresses. This setting is global and applies to all sources. |
Ignore user list |
Names of users the events from which should be ignored by the UserID agent. The search is based on the Common Name (CN) of the AD user. This setting is global and applies to all sources. A record about the ignored user appears in the UserID log. Important! When specifying a name, you can use the asterisk (*), but only at the end of a string. |