Dear all
I have a problem with agent polling.
I install collector on a domain PC(win7), and polling one DC server(2012r2) with advanced mode.
But I can't see logon user in "show logon users" of collector.
Then I change the mode to standard, logon user is displaying in "show logon users" .
Should I config anything on AD server for the advanced mode?
Appreciate for any advice.
tool version:5.0.0264(download from 5.6.3)
FGT version:5.6.3
#attached the collector config
Hi Anton0926,
if you installed Collector Agent onto Win7 computer, then:
- the PC has to be domain member
- install under domain admins member account
- in Show monitored DCs (DC Agent Status window) , here you should see polled DCs. If there is no DC, then use Select DC to Monitor button bellow and choose your DCs and polling method (pre-selected is WinSec polling which is fine, but need Remote Registry Service running (turned manually on) on workstations to successfully pass workstation checks. The WinSec+WMI option (bellow) is slightly better as it does pre-filtering via WMI query to poll just useful events and also WMI is by default running on workstations and so workstation checks will pass OK.)
- then you should see some users, at least admin logged on PC, in Show logon users
There should be no other necessary setting to get this polling working (tested now in lab).
Sure you pointed to AD/LDAP during the installation and so you have AD/LDAP address in 'Set Directory Access Information (Advanced) / Advanced Settings'. Username and password is not needed if you did install Collector Agent under domain admin member (and so process is running under that account). If not then this is the username/password for access to LDAP and for group membership verification.
For further checks you can set Logging (on main app window) to Debug + Log size to ~50MB and then check Collectoragent.log file in app folder for details. It might hint you why there are no users. If failing part is polling itself or consecutive checks .. DNS query for workstation name (yes, FSSO heavily depends on DNS), LDAP group verification. Without those further checks passed there will be no complete logon in user list.
Kind regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Dear
Thanks for your advice,
I follow the step and still no user displaying,
I will setup another domain to test again.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.