Hi
on a lab environment the logs are always and only "Log in" so no "log out" or "failed log in" logs:
Wireshark between the AD and the machine where IDC is installed shows this when trying wrong password, log in and log out:
In production environment the logs are "failed log in" or "log out" and no "log in" logs:
running wireshark between AD and the machine where IDC is installed shows no LDAP or kerberos packets between these machines, it shows only DCERPC packets!
the machine where IDC is installed is 10.32.0.166, same machine i run wireshark:
ip.addr == 10.8.0.12 and ldap shows nothing
ip.addr == 10.8.0.12 and kerberos shows nothing
only ip.addr == 10.8.0.12 and dcerpc shows this:
The question is why on lab environment I get only "log in" logs and why on production I get only "failed log in" or "log out" By the way the "failed log in" logs are not accurate because my environment is running with no problem.
| User | Count |
|---|---|
| 18 | |
| 14 | |
| 8 | |
| 7 | |
| 5 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
Thu 02 May 2024 @ 10:00 AM (CEST)
CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?Thu 02 May 2024 @ 04:00 PM (CEST)
CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WANThu 02 May 2024 @ 05:00 PM (CEST)
SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single WeekendThu 09 May 2024 @ 05:00 PM (CEST)
Under the Hood: Automate Azure Virtual WAN security deployments with TerraformThu 02 May 2024 @ 10:00 AM (CEST)
CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?Thu 02 May 2024 @ 04:00 PM (CEST)
CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WANThu 02 May 2024 @ 05:00 PM (CEST)
SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single WeekendThu 16 May 2024 @ 04:00 PM (CEST)
CheckMates Live DACH - ACHTUNG, Sie werden gehackt! So schützen Sie sich!Fri 17 May 2024 @ 10:00 AM (CEST)
CheckMates Live Netherlands - Sessie 26: ElasticXL & VSNext Description
