Cisco Cisco Firepower Management Center 4000
2-18
FireSIGHT User Agent Configuration Guide
Chapter 2 Setting up a User Agent
Configuring a User Agent
Step 2
Click the play button (
) to start the agent service.
The agent service starts.
Step 3
Click the stop button (
) to stop the agent service.
The agent service stops.
Step 4
Optionally, modify the
Agent Name
for the agent, which defaults to
SFADUA
. You can enter letters,
numbers, underscores (
_
), and dashes (
-
).
Step 5
Optionally, for Version 5.2 and later, to change the frequency the agent checks for logoff data, select a
time period from the
time period from the
Logout Check Frequency
drop-down list. Select
0
to disable checking for logoff data.
Step 6
Optionally, to change the agent scheduling priority, select a level from the
Priority
drop-down list. Select
High
only if your agent monitors and retrieves significant amounts of user activity.
Step 7
To save settings, click
Save
.
The updated settings are applied to the agent.
Step 8
Configuring User Agent Maintenance Settings
License:
FireSIGHT
In addition to configuration settings, the agent stores user-to-IP mapping information, the local event
log, and reporting state information in the SQL CE database. The agent Maintenance tab allows you to
clear portions of the database for maintenance purposes. You can clear cached user-to-IP mapping
information and local event log information. You can also clear the reporting state cache, which forces
a manual polling of the configured Active Directory servers.
log, and reporting state information in the SQL CE database. The agent Maintenance tab allows you to
clear portions of the database for maintenance purposes. You can clear cached user-to-IP mapping
information and local event log information. You can also clear the reporting state cache, which forces
a manual polling of the configured Active Directory servers.
Caution
Do not change any settings on the Maintenance tab unless Support directs you to do so.
To configure user agent maintenance settings:
Access:
Any
Step 1
Select the
Logs
tab.
Step 2
Select
Show Debug Messages in Log
to enable the
Maintenance
tab.
Step 3
Select the
Maintenance
tab.
Step 4
Click
Clear user mapping data cache
to clear all stored user-to-IP mapping data.
The agent deletes all stored user-to-IP mapping data from the local agent database. Stored user-to-IP
mapping data in the Defense Center database are not affected by clearing the local agent database.
mapping data in the Defense Center database are not affected by clearing the local agent database.
Step 5
Click
Clear logon event log cache
to clear all stored login event data.
The agent deletes all stored login event data from the local event log.
Step 6
Click
Clear reporting state cache
to clear data related to the last time the agent reported login and logoff
information to the configured Defense Centers.