We face an issue with huge number of authentication failure logs generated from DataMiner and we know the reason: when a user account configured for monitoring a network device (Microsoft platform elements mainly) and at a point where the account is no longer authorized to access the element, yet remains in the element record, the element eventually gets into communication timeout state.
This event triggers continues logon attempt to this element which is an InfoSec concern.
When InfoSec reports this, and to update this kind of elements, we will have to go through each of them and see if the specified account is configured which is long process to go through.
Could you please explain how can we find a specific account configured to monitor any of the elements? Or maybe the elements from a specific DMA?
Hi Ciao,
One thing you could do, is use the multiple set feature in Cube. You right click on one of those elements using that protocol, Microsoft Platform in this case. Then you choose Multiple Set and you select the Username parameter. This will show all the elements using that protocol with their current value for this parameter.
Example:
Probably you could also do something in dashboards, and you could also look at the timeout alarms, because all affected elements are in timeout...
Bert