Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

CSA User authentication auditing rule and Policy conflicts

Hi there

We have CSA 5.2 in our environment and i created a custom policy and added the 'user authentication auditing' rule and enabled auditing failure events on windows XP machine but i dont see any failure attempts in the CSA MC event log even though i tried to logon on with invalid passwords.What could be the reason for this.

Secondly i was wondering what happens when i apply two policies, Are the policy settings added and applied to the group or one policy gets priority over the other

Thanks for your anwers

Ahmed

2 REPLIES

Re: CSA User authentication auditing rule and Policy conflicts

All rules in all policies that are attached to a group get compared and prioritized by their specificity and action type, so if you attach two policies to a group, csa will generate a ruleset containing all the individual rules from those policies.

Blue

Re: CSA User authentication auditing rule and Policy conflicts

Have you checked the security event logs on the machines in question? If there are no events there, CSA cannot report them.

That's where CSA gets the info and by default, there is no account auditing in Windows XP.

You have to enable it either via group or local policy.

Tom

128
Views
0
Helpful
2
Replies
作成コンテンツを作成するには してください