Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
419
Views
0
Helpful
2
Replies

CSA User authentication auditing rule and Policy conflicts

sheikh ahmed zubedi
Level 1
Level 1

‎05-09-2009 06:39 AM - edited ‎02-21-2020 10:23 AM

Hi there

We have CSA 5.2 in our environment and i created a custom policy and added the 'user authentication auditing' rule and enabled auditing failure events on windows XP machine but i dont see any failure attempts in the CSA MC event log even though i tried to logon on with invalid passwords.What could be the reason for this.

Secondly i was wondering what happens when i apply two policies, Are the policy settings added and applied to the group or one policy gets priority over the other

Thanks for your anwers

Ahmed

Labels:
0 Helpful
2 Replies 2

jan.nielsen
Level 7
Level 7

‎05-12-2009 02:05 AM

All rules in all policies that are attached to a group get compared and prioritized by their specificity and action type, so if you attach two policies to a group, csa will generate a ruleset containing all the individual rules from those policies.

0 Helpful

tsteger1
Level 8
Level 8

‎05-13-2009 12:49 PM

Have you checked the security event logs on the machines in question? If there are no events there, CSA cannot report them.

That's where CSA gets the info and by default, there is no account auditing in Windows XP.

You have to enable it either via group or local policy.

Tom

0 Helpful
Customers Also Viewed These Support Documents