2 weeks ago
is there any way to skip some local app users from appearing in the audit analyzer.
I tried dash.user.skiplist from centrifyda.conf but it not working !!
there is a user for application login 1000 times per hour my database size grow each day 5 to 7 GB.
so I think by skipping those users can reduce my audit datastore size by MB rather than GB.
2 weeks ago - last edited 2 weeks ago
Welcome to the Centrify forums.
As moderation, it's important to let us know the OS version, architecture and versions of Centrify DirectControl and DirectAudit in question. This way we know if you may be using a version that has known issues.
That being said, if you suspect that a parameter is not working as expected, feel free to leverage support. As a current Direct Audit customer you are entitled to 24x7 support.
When applying new parameters, please make sure you either run the dareload command or restart the CentrifyDA service. You can also determine what parameters have been modified by using the
dainfo --config command.
Finally, keep in mind that something that the dash.user.skiplist parameter provides flexibility in certain scenarios, completely skipping a user from audit may violate the security principle of auditing access control events. If your system is bound by financial, healthcare or card data regulations, this is not advisable. Perhaps the method being used that produces 1000 logins per hour should be revised as well, this is a performance tax. Not knowing how the application is architected, modern apps usually give you a token with a specific lifetime that can compensate for that method (I also understand that you may have no control on how this is implemented too).
If you want to follow this thread:
- Produce the versions of CentrifyDC (adinfo -v), CentrifyDA (dainfo -v) and operating system.
- Produce the output of dainfo --config
If you're using a current version of DA and the parameter is confirmed to be a working parameter but it still does not work, it's time for support to take a deeper look.
Let us know if this helps.