Cisco Cisco Firepower Management Center 2000
2-10
FireSIGHT User Agent Configuration Guide
Chapter 2 Setting up a User Agent
Configuring a User Agent
Configuring User Agent Active Directory Server Connections
License:
FireSIGHT
You can add connections to up to five Active Directory servers from an agent, and configure:
•
whether the agent retrieves login and logoff data real-time or polls the Active Directory servers at
regular intervals for data
regular intervals for data
•
how often the agent polls for user activity data, or attempts to establish or re-establish a real-time
connection with an Active Directory server if the connection is lost
connection with an Active Directory server if the connection is lost
•
what IP address the agent reports for logins to the Active Directory server itself
•
how much login and logoff data the agent retrieves when it establishes or re-establishes a connection
with an Active Directory server
with an Active Directory server
When an agent is configured to retrieve data real-time and real-time monitoring is unavailable, the agent
instead attempts to poll the Active Directory servers for data until real-time monitoring is again
available.
instead attempts to poll the Active Directory servers for data until real-time monitoring is again
available.
Tip
If your user agent retrieves significant amounts of user activity, Cisco recommends configuring polling
instead of real-time data retrieval. In a high-activity environment, configure a
instead of real-time data retrieval. In a high-activity environment, configure a
1 minute
polling interval
and no greater than a
10 minute
maximum polling length.
Note that you cannot configure the agent to monitor an Active Directory server real-time if it is running
Windows Server 2003. Real-time monitoring requires an Active Directory server running Windows
Server 2008 or greater.
Windows Server 2003. Real-time monitoring requires an Active Directory server running Windows
Server 2008 or greater.
add, modify, or remove user names excluded
from reporting
from reporting
select the
Excluded Usernames
tab. See
for more information.
add, modify, or remove IP addresses excluded
from reporting
from reporting
select the
Excluded Addresses
tab. See
for more information.
view, export, and clear the event log, log to
Windows application logs, and modify how long
messages should be kept
Windows application logs, and modify how long
messages should be kept
select the
Logs
tab. See
for more information.
perform troubleshooting and maintenance tasks,
as directed by Support
as directed by Support
select the
Logs
tab, enable
Show Debug Messages in
Log
, then select the
Maintenance
tab. See
for
more information.
save changes to the agent settings
click
Save
. A message displays below
Save
stating
when you have unsaved changes.
close the agent without saving changes to the
agent settings
agent settings
click
Cancel
.
Table 2-1
User Agent Configuration Actions (continued)
To...
You can...