Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ED
Advisor

Application log shows different usernames

Jump to solution

Hi,

This is a screenshot from an Application log which shows me two different usernames.

Marked with orange and number 1 have the same username. Marked with blue is a different username. Why is destination user name different from the User field?

0 Kudos
1 Solution

Accepted Solutions
Norbert_Bohusch
Advisor

Because user b logged in to the database server (on the windows system) and the IP of the server was associated with this user.

A session from user a only shows this information as this information was not deleted (has not timed out).

View solution in original post

0 Kudos
7 Replies
Norbert_Bohusch
Advisor

Destination Username is the one associated to destination IP.

0 Kudos
ED
Advisor

Associated in which way? Can you explain more please. 

0 Kudos
Norbert_Bohusch
Advisor

By identity awareness depending on your configuration. I assume ADquery or IDC.

0 Kudos
ED
Advisor

I understand that. But if user a access a MS-SQL database, why is a different user b shown on destination username?

0 Kudos
Norbert_Bohusch
Advisor

Because user b logged in to the database server (on the windows system) and the IP of the server was associated with this user.

A session from user a only shows this information as this information was not deleted (has not timed out).

View solution in original post

0 Kudos
ED
Advisor

Thanks for explaining. Since this was a correlated log showing user a accessing a database I don't see the point in this log of having the information about user b that is associated with that server. Do you?

0 Kudos
Norbert_Bohusch
Advisor

I wouldn't need this information, but better have an information I don't need, than omitting it 🙂

Btw. if you don't need identity awareness on your servers (as source), you could exclude the server networks generally from IDC or ADquery.

0 Kudos