UTLite Log and understanding operation

rtjensen4 · ‎01-27-2010

Hello,

I'm trying to better understand how UTLite works and how it interacts with CW.

We use a tool called "Desktop Authority" to manage policy on our PCs. When a user logs in, they authenticate to AD, then desktop authority takes over and works its magic making sure the proper drives are mapped, the user has their printers mapped etc etc. I've gotten UTlite to run via DA, and i THINK that's working, but I don't see any additional information in my user tracking. At one point I was seeing maybe 15 usernames in user tracking, but those have since disappeared and I'm now only seeing myself login and my boss. I think it's somthing to do with desktop authority, so i'm not going to address that here. My user tracking is currently showing just under 1600 hosts. I've enabled debug to Utlite and this is what I see:

2010/01/27 15:41:46 Thread-5 utlite DEBUG UtliteDBConnectionThread: LogIn event is received for (DBID: 576503934318149632, MAC: 08:00:27:46:18:A6, IP: 192.168.110.81, Username: <uname>r@fcu.local)
2010/01/27 15:41:46 Thread-5 utlite DEBUG UtliteDBConnectionThread: Login event was NOT updated to DB [MAC:08:00:27:46:18:A6] hence remove this entry from cache
2010/01/27 15:41:46 Thread-5 utlite DEBUG UtliteDBConnectionThread: LogIn event is received for (DBID: 71785811183534080, MAC: 00:FF:08:D0:9F:82, IP: 0.0.0.0, Username: <uname>@fcu.local)
2010/01/27 15:41:46 Thread-5 utlite DEBUG UtliteDBConnectionThread: Login event was NOT updated to DB [MAC:00:FF:08:D0:9F:82] hence remove this entry from cache
2010/01/27 15:45:10 Thread-9 utlite DEBUG SocketListener: Packets received: 3957

Why is it not updating the DB? I sesarched for this PC (192.168.110.81) in user tracking and it shows up in there as "active".

Also, what does this log message mean?

2010/01/27 11:15:10 Thread-3 utlite DEBUG UtliteDBConnectionThread: LogIn event is received for (DBID: 9459289990955008, MAC: 00:21:9B:2C:93:BD, IP: 192.168.110.71, Username: <uname2>@fcu.local)
2010/01/27 11:15:10 Thread-3 utlite DEBUG UtliteDBConnectionThread: Login event was updated to DB [MAC:00:21:9B:2C:93:BD,Num of rows affected:1] hence cache entry preserved to prevent flooding, the dbid is corrected to 9459289990955008

Also, I see when a user logs out of the PC, there are Logoff events that appear in the log. If User A logs into the PC from 8a to 5p, does the user tracking get updated with the users name when they login and then the username is disassociated with the PC when they log off?

What's a good frequency to run User Tracking? Daily? Every 3 hours? When a user logs in, will their username instantly appear in the user tracking report? Or will it appear once user tracking runs again? Thanks!

Message was edited by: rtjensen4 I should Note that I'm using CM 5.2

Joe Clarke · ‎01-29-2010

UTLite cannot cause new entries to appear in UT. The messages saying that the database was not updated mean that the UTLITE daemon got a UTLite update for a MAC address which was not already in UT. The second set of messages indicate that a MAC entry DID exist in UT for 00:21:9B:2C:93:BD, and thus the entry was updated with the username data.

When UTLITE updates the UT database, that update should appear immediately. So, if a user logs in, and UTLite sends a login packet, UTLITE should update the ani database with the new username (and IP). That entry will remain in the database until the user logs out. At which time, UTLITE will remove the username info from UT. However, the user should still be visible in UT history. That is, you should be able to run a UT history report, and see when the user logged in, then logged out.