forum.wavecrest.net

[dflaherty]

Currently we have imported all of our LDAP users from AD, they populated fine and we can report on them and their corresponding groups. We also have separate VLANs though for 3rd Party Vendors that are contracted, not employed by the company, thus they do not have AD accounts and these PCs are not on the domain. The syslog from the Firewall does contain information regarding these other VLANs but I can not run reports based off of their IP addresses. The report always come back stating that no data could be found.

[Wavecrest Support]

How are you running the reports? Do you have a group with these IPs listed in them that you are running against?
Are you selecting 'IP Address' as your ID Type?

[dflaherty]

I am running Manual User Audit Detail reports for these spearate VLANs. I created groups for them and then manually added the IPs of each within. When running the report I am selecting the ID Type as IP Address and I use the Search in Groups and IDs to locate the Group I want to report on, it then appears in the selected Groups box. The report does run, and the Parameters are displayed correctly, but below that where the data should be there is a box that says "Error Information - There was no data found on the group or user" but if I manually go into the Syslog, I can find plenty of entries for these PCs.

[Wavecrest Support]

Can you post a snippet of the log file data from these IP's vs an authenticated request?

[dflaherty]

Below is from the Syslog. The top entry is from an authenticated user on the domain, the bottom is from a separate VLAN not on our domain. As you can see, both contain the date, the internal IP of the Firewall, the Firewall Serial number, the external IP of the Firewall, the source IP of the workstation and the destination of the website being accessed (in this case both are google). The only difference is the top entry lists the user whereas the bottom doesn't because that PC is not on the domain.

2009-03-13 15:24:20 Local0.Info 10.20.145.6 id=firewall sn=xxxxxxxxxxxx fw=(WAN IP) pri=6 c=1024 m=97 n=174006 usr="DOMAIN\jsmith" src=10.20.11.148:1194:X2: dst=74.125.19.17:80:X1:cf-in-f17.google.com proto=tcp/http op=Other sent=282 rcvd=7447 result=200

2009-03-13 15:23:24 Local0.Info 10.20.145.6 id=firewall sn=xxxxxxxxxxxx fw=(WAN IP) pri=6 c=1024 m=97 n=173992 src=10.20.146.49:4192:X2: dst=64.233.169.99:80:X1:yo-in-f99.google.com proto=tcp/http op=Other sent=45164 rcvd=219729 result=200

If I report on jsmith there is record of him accessing google at the listed date and time, but if I report on 10.20.146.49 no data is returned.

[Wavecrest Support]

We are going to need to see some debugging information in order to diagnose the exact problem. Can you contact support at the email below for so we can send full details on the information we are going to need. Thanks.