
STAS Collectors not coinciding with users/groups web traffic (http.log)

Hello All,

I got off of the phone a few hours ago with support.

Here is the issue: 

I logged into my laptop, had just installed Win 10 latest edition, then proceeded to install Google Chrome.

I was being blocked from downloading Chrome. After a few greps to http.log, I noticed that my IP address and my traffic were being used by another user.

This user was not onsite and was not on shift. They also did not have the same rights as my policy (hence why I was not able to download Chrome).

I also have our DHCP server(s) issue/release IPs every 8 hours. The user that was on the http.log was onsite last Friday, way outside the 8-hour lease limit. They use a laptop and are normally only here bi-monthly. And... I have our VPN DHCP pool set up on a different subnet.

The support tech and I noticed that all 3 STAS collectors' DBs had no instance of this user/IP address combo.  

So we were confused as to where the username/IP were stemming from, if not STAS.

Note: I was told a few months ago by a tech that the UTM will sometimes re-use cached authenticated accounts for other authenticated users.

This was not something that we were comfortable with, however it seems to be happening again. 

Does anyone know of a way to keep this from happening? You can imagine the implications this has produced.

Here is what I have done so far: 

- Flushed Authentication Cache

- Removed any old STAS DB entries (older than two weeks)

 

I am supposed to receive a call from a level 2 support tech in the near future.

Have a good day all.

This thread was automatically locked due to age.
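
A check for the mismatch described in the post above, as an added example that is not part of the original thread or any Sophos tooling: it lists user/IP pairs that appear in http.log but that no STAS collector holds. The key="value" layout with `srcip` and `user` fields, the hand-made `STAS_PAIRS` export, and all sample names and addresses are assumptions.

```python
import re
from collections import defaultdict

# Assumed key="value" field layout; adjust field names to your http.log.
FIELD = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
2024:01:08-08:01:12 utm httpproxy[4321]: action="pass" srcip="10.1.20.57" user="user_a" url="http://example.com/"
2024:01:08-08:02:40 utm httpproxy[4321]: action="block" srcip="10.1.20.44" user="user_c" url="http://example.net/setup.exe"
2024:01:08-08:03:05 utm httpproxy[4321]: action="pass" srcip="10.1.20.44" user="" url="http://example.org/"
"""

# Constructed export of the (user, ip) pairs the collectors currently hold.
STAS_PAIRS = {("user_a", "10.1.20.57"), ("user_b", "10.1.20.44")}

def pairs_seen(log_text):
    """Map (user, srcip) -> [first_ts, last_ts, hits] for authenticated requests."""
    seen = {}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        user, ip = fields.get("user", "").lower(), fields.get("srcip")
        if not user or not ip:
            continue  # unauthenticated request or unparsable line
        ts = line.split(" ", 1)[0]
        entry = seen.setdefault((user, ip), [ts, ts, 0])
        entry[1] = ts
        entry[2] += 1
    return seen

def unexplained_pairs(log_text, stas_pairs):
    """Pairs the proxy logged that no collector can account for."""
    known = {(u.lower(), ip) for u, ip in stas_pairs}
    return {p: info for p, info in pairs_seen(log_text).items() if p not in known}

def conflicting_ips(log_text, stas_pairs):
    """IPs where the logged user differs from the user the collectors map there."""
    by_ip = defaultdict(set)
    for user, ip in stas_pairs:
        by_ip[ip].add(user.lower())
    return {ip: (user, sorted(by_ip[ip]))
            for (user, ip) in unexplained_pairs(log_text, stas_pairs) if ip in by_ip}

if __name__ == "__main__":
    for (user, ip), (first, last, hits) in unexplained_pairs(SAMPLE_LOG, STAS_PAIRS).items():
        print(f"{ip} logged as {user!r} {hits}x ({first} .. {last}), not in any collector")
    print(conflicting_ips(SAMPLE_LOG, STAS_PAIRS))
```

The first and last timestamps per pair show when the stale identity started being applied, which can be compared against the time the authentication cache was flushed.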
  • Whatever became of this, Mario?  Did support determine that it's a bug?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA