Palo Alto Networks Knowledgebase: How to Clear and Verify User-to-IP Mapping for an Ignored User

How to Clear and Verify User-to-IP Mapping for an Ignored User

13502
Created On 08/05/19 19:23 PM - Last Updated 08/05/19 19:48 PM
User-ID
Resolution

Overview

Once the username is added to the Ignore User list, it is important to delete the user's IP-mapping (if it already exists) from both the dataplane (DP) and the management plane (MP) after committing the changes. A common mistake is to delete the mapping from the DP, but not from the MP, which pushes the mapping to the DP and the user remains identified.

 

Details

Verify if the user is being ignored by tailing the useridd.log (if using agentless). If using an agent, these logs will be seen in the Uadebug.log file in the User-ID Agent's directory:

> tail follow yes mp-log useridd.log

Oct 21 11:44:22 pan_user_id_ipuser_add(pan_user_id_ipuser.c:601): user domain\username is in ignore list

Oct 21 11:44:22 pan_user_id_ipuser_add(pan_user_id_ipuser.c:601): user domain\username is in ignore list

 

To turn on debug-level logging for User-ID, run the following commands:

> debug user-id on debug

> debug user-id set userid basic

 

Use the commands below to turn off the debug level and the User-ID basic logging, after a specific duration:

> debug user-id on info

> debug user-id unset all

 

The following commands can be used to clear the mapping:

> clear user-cache-mp ip <IP-address>  //user-cache-mp   (Clear management plane user cache)

> clear user-cache ip <IP-address>  //user-cache      (Clear dataplane user cache)

 

> show user ip-user-mapping ip <ip>

No matched record

 

See Also

Refer to the following articles to add or delete users on the Ignore User list when using the Agentless User-ID, or using the User-ID Agent:

How to Add/Delete Users from Ignore User List using Agentless User-ID

How to Ignore Users in User-ID Agent

 

owner: apasupulati



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpmCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language