Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Understand Directories and Duplicate Users

Introduction

Web Reporter has the ability to integrate with external directories which allows things such as reports based on group membership. The purpose of this community article is to clarify some of the common issues, and answer some of the questions in relation to directory integration.In particular, when changes to directories are made after log data has been loaded into the system.

When a log data is imported in Web Reporter, it will be processed using the configuration oft he log source at the time of the import. Changes to the log source configuration do not affect log parsing jobs waiting in the queue, or data already imported into the database. If the log source does not have a directory associated with it at the time of import, users will be assigned to the anonymous directory, which is represented with a dash, and sometimes referred to as"the dash" directory.

When adding a new external directory and assigning it to a log source, data that had been previously imported is NOT automatically associated with the new directory. All existing users will still be assigned to the anonymous (dash) directory.

When new access logs are imported, new users are created with the same name, but associated with the external directory. Although the users share the same name, they are effectively duplicate users because they belong to separate directories. (see screenshot below)

However, this issue of seeing duplicate users can be avoided by following the procedure below to synchronize users when adding a directory to an existing log source.

Instructions for Adding a Directory to an Existing Log Source

  1. Disable log sources.
  • Go to Administration > Setup > Log Sources
  • Select all of your log sources and click Edit
  • Check "Disable this log source" in the top-right corner
  • Click OK to save changes
  1. Wait for existing log parsing jobs to complete. Log parsing jobs can be viewed under Administration > Setup > Log Sources > Jobs
  2. If you haven't created your external directory, you can do it now. Then attach the directory to your log source.
  3. Synchronize users in the anonymous (dash) directory. If the users are not synced with the newly created (external) directory before new data is imported this will cause duplicate usernames to show in two directories.
  • Go to Administration > Tools > Database Maintenance > Manual Maintenance
  • Click Synchronize Users. The status of the maintenance job can be monitored on the Status tab
  1. Enable Log sources following the same process as step 1.

Common Issues Caused by Duplicate Users

Unfortunately, if you are seeing duplicate users, it isn't possible to reverse this. The synchronize users function cannot move users to a directory when a user of the same name exists in the target directory. At some point the existing data associated with the old directory will be deleted. If you find that you are in this situation there are ways that you can deal with it.

Duplicate user names in filter search results

When creating user filters, the search results will show all users with the same name. This can cause confusion because you do not know which user belongs to which directory.

Either you can include all copies of the same user name, or enable "display directory names" to distinguish the users. While this doesn't fix anything, it may help reduce confusion about the results. Administration > Options > General > User and Group Names

clipboard_ecc28fd684d58a117a500ecd4b9f04965.png

Displaying directory names will help distinguish the users.

clipboard_e2a8db8d455dc4ce9674b8545a4ee8540.png

Duplicate user names in report results

Duplicate usernames in report results can be confusing. Unfortunately there is very little that can be done.

clipboard_e9479372519e505cc357fc23bf9a8b6f3.png

Either enable "displaying directory names" as outlined in previous example or reimport log data. But to reimport the data, you need to identify which days need to be deleted and then you need to have the original log fi les. This is a time consuming, manual process that isn't a practical solution. Most people prefer to live with the duplicate users until their data becomes old and is deleted as part of Database Maintenance.

 

FAQ

Why is there one user associated with two separate directories?

This can occur when users are not synchronized with the newly added directory before Web Reporter processes new data. This will leave the user associated with two directories - one user in the Anonymous or ("-" - Dash) directory "-\jdoe" , and one in the newly created directory"...\jdoe".

Is it possible to merge users that exist in multiple external directories?

Unfortunately this is not a possibility

Why do the reports I run for a user currently show no data associated with the user?

It could be possible that a report is ran for a user that is associated to the anonymous directory and no longer has data. When creating the user filter in your report, be sure to include all copies of the user name.

How do I know which of the two users has the data associated with it?

You can run a summary report that includes the user name, directory, and hits. Users that do not have data will not be listed on the report

Is it possible to delete old directories that don't have any data?

Unfortunately no, it is not possible to remove old references.
When is the best time to manually synchronize the users?

As a best practice the best time to manually synchronize the users is immediately after creating and adding the new directory. Administration > Database Maintenance > Manual Maintenance> Synchronize Users. This will help alleviate some of the chance that users will show up in two separate directories.

  • Was this article helpful?