Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-14708: Centrify DirectAudit Analyzer console showing duplicate sessions

Auditing and Monitoring Service ,   Privileged Access Service ,  

21 May,19 at 04:15 PM

Problem:
There are duplicate sessions showing in Audit Analyzer console whenever a user logged onto an agent-based Unix or Linux system using the Centrify Infrastructure Services portal.  These duplicated sessions could be experienced with one of the following systems:

1) Docker Container
2) Server running inside a NAT environment that does port mapping
3) AWS instance

After restarted Audit Management Server, there should only be one session showing in the Audit Analyzer.

Cause:

The root cause is that the public IP address, stored in CPS secret, not the same as the local IP address of the Linux agent

the following line is observed in the log:
 
 
Aug 09 18:31:06 8966775f08c9 -bash[9925]: DEBUG: IP address (10.100.41.121) in CPS secret is mismatched with the current machine's.

In those cases, if logged onto Linux agent from CPS, cdash will think the session is not from CPS because it found the IP address included in the CPS 'secret' not the same as the local IP address, then log a duplicated session.

Workaround:

Duplicated session can be prevented by setting the following parameter in centrifyda.conf file
  
dash.check.cps.secret.ipaddr: false

The default value is 'true'.  By changing it to 'false', IP address checking will be skipped


Resolution:

This issue has been resolved in Suite 18.11 with setting the following parameter in centrifyda.conf file to specify the local IP address to be stored in CPS secret for the Linux agent 
dash.check.ipaddr.list

one example would be:
  
dash.check.ipaddr.list: 10.100.41.120

command dareload is required to take effect

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6041: How to show current license type in use by adclient article[HOW TO]Install and setup the Centrify Licensing Service articleCentrify 18.5 Release Notes articleCentrify 17.7 Release Notes articleCentrify 17.5 and 17.5 Hotfix Release Notes articleCentrify Cloud 16.10 Release Notes articleCentrify 17.6 and 17.6 Hotfix Release Notes articleCentrify Cloud 16.9 Release Notes articleKB-7736:Is there a report within Centrify Audit Analyzer to show which users have had a successful or failed login attempt to the servers?