Live Sessions
The following table describes the fields in the Live Sessions window, which displays live sessions. From the main menu bar, choose Live Sessions.
Field Name |
Description |
---|---|
Initiated |
Shows the timestamp when the session was initiated. |
Updated |
Shows the timestamp when the session was last updated due to any change. |
Account Session Time |
Shows the time span (in seconds) of a user's session. |
Session Status |
Shows the current status of the endpoint device. |
Action |
Click the Actions icon to open the Actions pop-up window. You can do the following:
|
Endpoint ID |
Shows the unique identifier for an endpoint, usually a MAC or IP address. |
Identity |
Shows the username of the endpoint device. |
IP Address |
Shows the IP address of the endpoint device. |
Server |
Indicates the PIC node from which the log was generated. |
Auth Method |
Shows the authentication method that is used by the RADIUS protocol, such as Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), IEE 802.1x or dot1x, and the like. |
Session Source |
Indicates whether it is a RADIUS session or PassiveID session. |
User Domain Name |
Shows the registered DNS name of the user. |
User NetBIOS Name |
Shows the NetBIOS name of the user. |
Provider |
Endpoint events are learned from different syslog sources. These syslog sources are referred to as providers.
When two events from different providers are learned from an endpoint session, the providers are displayed as comma-separated values in the live sessions page. |
MAC Address |
Shows the MAC address of a client. |
Endpoint Check Time |
Shows the time at which the endpoint was last checked by the endpoint probe. |
Endpoint Check Result |
Shows the result of an endpoint probe. The possible values are:
|
Source Port Start |
(Values are displayed only for the REST provider) Shows the first port number in a port range. |
Source Port End |
(Values are displayed only for the REST provider) Shows the last port number in a port range. |
Source First Port |
(Values are displayed only for the REST provider) Shows the first port allocated by the Terminal Server (TS) Agent. A Terminal Server (TS) refers to a server or network device that allows multiple endpoints to connect to it without a modem or network interface and facilities the connection of the multiple endpoints to a LAN network. The multiple endpoints appear to have the same IP address and therefore it is difficult to identify the IP address of a specific user. Consequently, to identify a specific user, a TS Agent is installed in the server, which allocates a port range to each user. This helps create an IP address-port-user mapping. |
TS Agent ID |
(Values are displayed only for the REST provider) Shows the unique identity of the Terminal Server (TS) agent that is installed on an endpoint. |
AD User Resolved Identities |
(Values are displayed only for AD user) Shows the potential accounts that matched. |
AD User Resolved DNs |
(Values are displayed only for AD user) Shows the Distinguished Name of AD user, for example, CN=chris,CN=Users,DC=R1,DC=com |