Why are there 'Unknown', 'Anonymous' and 'Not Classified' names displayed in reports?

  • Updated 4 years ago

Andy


Posted 6 years ago


Aisling Brennan, Official Rep

In addition to the regular usernames displayed in reports, the following special names are frequently displayed:

1. Unknown

Description - LANGuardian Identity Module is not configured to query any Active Directory Domain, OR LANGuardian queried a Domain, but could not find a logon record to match the client generating this flow or event.


Troubleshooting - LANGuardian needs to be configured to query an Active Directory domain, OR, to ensure all available domain login records are tracked by LANGuardian, all Domain Controllers in a domain need to be queried. Review the list of Domains and Domain Controllers currently queried by LANGuardian. Some systems, such as File Servers or backup servers, will generally not have a domain user associated with them. The username for these systems is then displayed as 'Unknown'. Static user names for these systems can be created.

2. Not Classified

Description - LANGuardian has not yet queried the Domain Controllers to find a logon record to match the client generating this flow or event. LANGuardian updates the records about every 5 minutes.

Troubleshooting - The traffic marked as Not Classified typically is a small percentage of the overall traffic. If the percentage is high, review how long it takes to query each Domain Controller. If the query time is longer than 5 minutes, then contact NetFort Support for advice.

3. Anonymous

Description - LANGuardian queried the Domain Controllers and found a logon record to match the client generating this flow or event. The username returned by the Domain Controller was 'Anonymous'.

Troubleshooting - For information on Windows Domain Anonymous Logons, see here
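The matching described in the answer above can be modelled in a few lines to see how the set of queried Domain Controllers and their poll times change what a report shows. This is an added example, not NetFort code and not part of the original post; the record layout, the function names and the rule that a flow newer than the slowest Domain Controller's last completed poll is 'Not Classified' are assumptions made for illustration.

```python
# Simplified model of IP-to-username attribution (illustration only).
# All names, addresses and timestamps are constructed for this example.
from collections import Counter

# Constructed logon records: (domain controller, time, client IP, username)
LOGONS = [
    ("dc1", 100, "10.0.0.5", "alice"),
    ("dc2", 120, "10.0.0.6", "bob"),        # bob authenticated against dc2
    ("dc1", 130, "10.0.0.7", "Anonymous"),  # the DC itself returned Anonymous
]

# Constructed flows: (time, client IP)
FLOWS = [(200, "10.0.0.5"), (210, "10.0.0.6"), (220, "10.0.0.7"),
         (230, "10.0.0.9"),   # file server with no domain logon at all
         (400, "10.0.0.5")]   # seen after the last poll completed


def attribute(flow, logons, polled_until):
    """Return the name a report would show for one flow.

    polled_until maps each queried DC to the time its last poll completed
    (assumed bookkeeping; an empty dict means no domain is configured).
    """
    ts, ip = flow
    if not polled_until:
        return "Unknown"                  # no domain configured
    if ts > min(polled_until.values()):
        return "Not Classified"           # logon data not fetched yet
    matches = [(t, user) for dc, t, cip, user in logons
               if dc in polled_until and cip == ip and t <= ts]
    if not matches:
        return "Unknown"                  # queried, but no logon record
    return max(matches)[1]                # most recent logon wins


def report(polled_until):
    """Count flows per displayed name for a given set of queried DCs."""
    return Counter(attribute(f, LOGONS, polled_until) for f in FLOWS)
```

Calling `report({"dc1": 300})` leaves bob's flow as 'Unknown' because his logon record lives on a Domain Controller that is not queried, while `report({"dc1": 300, "dc2": 150})` turns every flow into 'Not Classified' because one slow Domain Controller holds back the whole refresh.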