Firemon assigns changes for 1 of 3 reasons based on the type of retrieval.
Manual Retrieval - a user with SIP Administration permissions queued a retrieval on demand.
Manual retrieval will show the user who initiated the retrieval. It won't show a device-end user name.
Scheduled Retrieval - the FireMon DC reached out to the device to check for change on a scheduled basis. Scheduled retrieval will show "DC_Automated" as the user.
Automatic (change-based) retrieval- The FireMon DC received a change syslog message, matched it to the device it belongs to, and initiated a retrieval.
The only time a user who pushed the change will display is for Automatic Retrieval, where the Data Collector receives a syslog message stating there was a change and reacts by retrieving a new configuration. Usually the message received contains the change user. Example "Commit job succeeded for user xxxx". In which case we display that user as the person who made a change. In some cases the change user is cached from an earlier syslog event that was processed.
Comments
0 comments
Article is closed for comments.