Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-45132: Understanding the Different Session Statuses in Centrify Audit Analyzer

Auditing and Monitoring Service ,  

1 December,20 at 08:39 PM

Question: In the Centrify Audit Analyzer, what is the actual difference between a session that is marked as completed and one marked as disconnected?

To illustrate, notice the "State" column of an audited session. Sometimes it may show as "Disconnected" or "Terminated" here.

User-added image

Answer: When an audited session ends without issues, (normal user logout) the CentrifyDA agent should be sending an "end session" packet to the Collector to indicate the session has ended and will cause the session status to show as completed. If a session shows as disconnected it means that for some reason the Collector did not get that ending packet.

The Collector may end up getting the end session packet at some point and it will change the session status to completed or in-progress. A session in a disconnected status is typically a temporary status, but if the Collector never gets the end session packet or views the agent as being as offline, then the session will eventually show a status of terminated.