This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ld3d
Participant
‎2021-08-02 06:14 AM

WEB_API constant log in - log out

Hello guys,

I dont know if someone already experienced similar behaviour but, on the Audit Logs tab am having my username constantly logging in and logging out messages (as shown below). I am using the MDS environment and I have tried to kill some related processes, but the issue is still the same.

To clarify only :
I am able normally to log in (and work) to all of my domains but when I take look at my Audit logs tab, I have every second the log entry showing log off and log on.....

Does it make some sense to any of you guys?

Thanks in advance for the help!

 

 

 

 

Preview file
38 KB
Preview file
35 KB
Preview file
18 KB
0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2021-08-02 08:42 AM

The only time I would expect to see logs like that is if someone’s running mgmt_cli -r true.
Do you have any scripts calling that?

ld3d
Participant
‎2021-08-03 01:24 AM
In response to PhoneBoy

As a colleague who was here before me left the company, I am not able to say that with 100% certainty.

Is there a way to determine that some scripts are still working? Some command or something?

The username is inherited from him....

Thanks!

0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-03 01:40 AM
In response to ld3d

WEB_API is the standard username used when mgmt_cli -r true is invoked.
I would review any cron jobs on the management and see what scripts are running.

0 Kudos
garretth
Employee Alumnus
Employee Alumnus
‎2021-12-30 12:30 PM
In response to PhoneBoy

I recently got a reply from a Teams thread that said-

The issue is caused by a bug that runs upgrade PUV every time the DA is updated (every 3 hours).
it was fixed, and should be released in the next DA pkg.
 
Is there any documentation to verify this for customers?
 
0 Kudos
daemonkenji
Explorer
‎2023-01-09 07:10 PM
In response to garretth

Hello Garretth,

 

Could you please clarify more about what are PUV and DA?

 

We are having the same issue WEB_API constant login/logout. Moreover, we have another issue which is the WEB_API keep publishing a lot of revisions every 3 minutes although there is nothing change of configuration. And we are not sure if both issue is related.

 

Regards

0 Kudos
bob111
Collaborator
‎2023-02-13 04:48 AM
In response to PhoneBoy

Hello, could it because I have a log exporter running?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-13 06:09 AM
In response to bob111

Possibly, but can't say for sure.
If you want to get to the bottom of it, a TAC case is probably in order.

ldvc
Explorer
‎2024-10-28 02:22 AM

Hello,

It's not an issue following this SecureKnowledge: sk179685

You can still use the query syntax "NOT administrator:WEB_API " in the search bar to hide all these messages 

Martin_Raska
Advisor
Advisor
‎2024-11-22 12:43 AM

 

Hello,

we have the same problem. This is not a standard behavior. If I kill the sessions, it will recreate again and keep logging in and out.

its R81.20 JHF 53

There are no cron jobs.

Preview file
67 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events