Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[JIMS] Obtaining information about user IP addresses on JIMS

0

0

Article ID: KB34104 KB Last Updated: 15 May 2019Version: 1.0
Summary:

This article describes how to obtain the following information on Juniper Identity Management Service (JIMS):

  • Number of active users (IP addresses)

  • List of IP addresses received from Active Directory/Domain Controller

  • List of IP addresses reported to the SRX device

 

Solution:

Note: The information in this article was compiled based on JIMS version 1.1.3.

  • Number of active users (IP addresses):
    • This number can be found by navigating to Summary > Active > Sessions on the Juniper Identity Management Service - Administrative Interface. For more information, see KB34105 - [JIMS] Meaning of "Active" objects in JIMS Status Summary explained.

    • This number refers to the number of users reported from Active Directory/Domain Controller. When multiple SRX devices are registered in JIMS, these users are reported to each SRX device.

    • However, the number of IP addresses being reported to individual SRX devices is not available because JIMS does not have a counter for it.


  • List of IP addresses received from AD/DC:

    • The following log can provide the IP addresses learnt from DC and AD. (Navigate to Settings > Logging > Log Detail Selection > Sessions > Standard. (Do not set the log level to None for any log type.)

Session log of user logon

01/22/2019 17:14:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'User On',  transition 'Init'  => 'Incomplete'
01/22/2019 17:14:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'Timeout',  transition 'Incomplete'  => 'Reported'

Session log of user logoff

01/22/2019 17:19:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'Timeout',  transition 'Reported'  => 'Reported'
01/22/2019 17:19:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'Give up',  transition 'Reported'  => 'Init'
 
  • List of IP addresses reported to the SRX device

    • The following log provides the list of IP addresses reported to the SRX device. Navigate to Settings > Logging > Log Detail Selection > Client > Detail. (Do not set the log level to None for any log type.)

      <Sample>

    • In the log, we can see a query from the SRX device with a configured interval (default:5 sec). After JIMS receives a logon event, it provides the IP address information to the SRX device after JIMS gets a query from the SRX device. These events can be seen in JIMS syslog.

    • 198.51.100.1 is the User IP address. 192.0.2.1 is the SRX device IP address.

01/22/2019 15:32:17: (Srx:Detail) JIMS Client 192.0.2.1 notification '/user_query/v2/ip/ip=0.0.0.0'
01/22/2019 15:32:17: (Srx:Standard) SRX Request from IP address 192.0.2.1
01/22/2019 15:32:17: (Srx:Standard) SRX: 192.0.2.1 , batch: hBAOM35dls, seq: 5; : IP filter is not active
01/22/2019 15:32:17: (Srx:Standard) SRX: 192.0.2.1 , batch: hBAOM35dls, seq: 5; : domain filter is not active
01/22/2019 15:32:17: (Srx:Standard) JIMS Client 192.0.2.1, batch: hBAOM35dls, seq: 5: subsequent request for 200 entries
01/22/2019 15:32:17: (Srx:Detail) SRX: 192.0.2.1 , batch: hBAOM35dls, seq: 5; : pulling ip address 198.51.100.1 <<<<<<
 

How to obtain the syslog file

  • The following screenshot shows the logging configuration view and the default directory where the logging files are located: C:\Program Files (x86)\Juniper Networks\Juniper Identity Management Service\logs.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search