Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-14708: Centrify DirectAudit Analyzer console showing duplicate sessions

Auditing and Monitoring Service ,   Privileged Access Service ,  

21 May,19 at 04:15 PM

Problem:
There are duplicate sessions showing in Audit Analyzer console whenever a user logged onto an agent-based Unix or Linux system using the Centrify Infrastructure Services portal.  These duplicated sessions could be experienced with one of the following systems:

1) Docker Container
2) Server running inside a NAT environment that does port mapping
3) AWS instance

After restarted Audit Management Server, there should only be one session showing in the Audit Analyzer.

Cause:

The root cause is that the public IP address, stored in CPS secret, not the same as the local IP address of the Linux agent

the following line is observed in the log:

 
 
Aug 09 18:31:06 8966775f08c9 -bash[9925]: DEBUG: IP address (10.100.41.121) in CPS secret is mismatched with the current machine's.

In those cases, if logged onto Linux agent from CPS, cdash will think the session is not from CPS because it found the IP address included in the CPS 'secret' not the same as the local IP address, then log a duplicated session.

Workaround:

Duplicated session can be prevented by setting the following parameter in centrifyda.conf file

 
dash.check.cps.secret.ipaddr: false

The default value is 'true'.  By changing it to 'false', IP address checking will be skipped


Resolution:

This issue has been resolved in Suite 18.11 with setting the following parameter in centrifyda.conf file to specify the local IP address to be stored in CPS secret for the Linux agent
dash.check.ipaddr.list

one example would be:
 
dash.check.ipaddr.list: 10.100.41.120

command dareload is required to take effect

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.