[JIMS] Obtaining information about user IP addresses on JIMS

  [KB34104]


Summary:

This article describes how to obtain the following information on Juniper Identity Management Service (JIMS):

  • Number of active users (IP addresses)

  • List of IP addresses received from Active Directory/Domain Controller

  • List of IP addresses reported to the SRX device

 

Solution:

Note: The information in this article was compiled based on JIMS version 1.1.3.

  • Number of active users (IP addresses):
    • This number can be found by navigating to Summary > Active > Sessions on the Juniper Identity Management Service - Administrative Interface. For more information, see KB34105 - [JIMS] Meaning of "Active" objects in JIMS Status Summary explained.

    • This number refers to the number of users reported from Active Directory/Domain Controller. When multiple SRX devices are registered in JIMS, these users are reported to each SRX device.

    • However, the number of IP addresses being reported to individual SRX devices is not available because JIMS does not have a counter for it.


  • List of IP addresses received from AD/DC:

    • The following log provides the IP addresses learned from the AD/DC. Navigate to Settings > Logging > Log Detail Selection > Sessions > Standard. (Do not set the log level to None for any log type.)

Session log of user logon

01/22/2019 17:14:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'User On',  transition 'Init'  => 'Incomplete'
01/22/2019 17:14:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'Timeout',  transition 'Incomplete'  => 'Reported'

Session log of user logoff

01/22/2019 17:19:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'Timeout',  transition 'Reported'  => 'Reported'
01/22/2019 17:19:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'Give up',  transition 'Reported'  => 'Init'
 
  • List of IP addresses reported to the SRX device

    • The following log provides the list of IP addresses reported to the SRX device. Navigate to Settings > Logging > Log Detail Selection > Client > Detail. (Do not set the log level to None for any log type.)

      <Sample>

    • In the log, we can see a query from the SRX device at the configured interval (default: 5 sec). After JIMS receives a logon event, it provides the IP address information to the SRX device once it gets a query from the SRX device. These events can be seen in the JIMS syslog.

    • 198.51.100.1 is the User IP address. 192.0.2.1 is the SRX device IP address.

01/22/2019 15:32:17: (Srx:Detail) JIMS Client 192.0.2.1 notification '/user_query/v2/ip/ip=0.0.0.0'
01/22/2019 15:32:17: (Srx:Standard) SRX Request from IP address 192.0.2.1
01/22/2019 15:32:17: (Srx:Standard) SRX: 192.0.2.1 , batch: hBAOM35dls, seq: 5; : IP filter is not active
01/22/2019 15:32:17: (Srx:Standard) SRX: 192.0.2.1 , batch: hBAOM35dls, seq: 5; : domain filter is not active
01/22/2019 15:32:17: (Srx:Standard) JIMS Client 192.0.2.1, batch: hBAOM35dls, seq: 5: subsequent request for 200 entries
01/22/2019 15:32:17: (Srx:Detail) SRX: 192.0.2.1 , batch: hBAOM35dls, seq: 5; : pulling ip address 198.51.100.1 <<<<<<
 

How to obtain the syslog file

  • The following screenshot shows the logging configuration view and the default directory where the logging files are located: C:\Program Files (x86)\Juniper Networks\Juniper Identity Management Service\logs.
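
The session and client logs described above can be combined to derive what JIMS has no counter for: the number of user IP addresses reported to each SRX device. The following Python script is an added example, not Juniper code; its regular expressions assume the log line formats shown in this article's samples (JIMS 1.1.3), and the sample lines marked as constructed (including the second SRX address 192.0.2.2) are made up for illustration.

```python
import re
from collections import defaultdict

# Patterns follow the sample lines in this article (JIMS 1.1.3); other
# versions may log differently (assumption).
FSM_RE = re.compile(
    r"\(Fsm:\w+\)\s+session '(?P<ip>[^']+)' state machine event "
    r"'(?P<event>[^']+)',\s+transition '(?P<old>[^']+)'\s+=> '(?P<new>[^']+)'")
PULL_RE = re.compile(
    r"\(Srx:\w+\) SRX: (?P<srx>\S+)\s*, batch: \S+ seq: \d+; : "
    r"pulling ip address (?P<ip>[0-9A-Fa-f.:]+)")

def summarize(lines):
    """Return (state, pulled): the last FSM state of every session IP and
    the set of user IPs each SRX device pulled from JIMS."""
    state, pulled = {}, defaultdict(set)
    for line in lines:
        if m := FSM_RE.search(line):
            state[m["ip"]] = m["new"]
        elif m := PULL_RE.search(line):
            pulled[m["srx"]].add(m["ip"])
    return state, dict(pulled)

def reported_sessions(state):
    """Session IPs whose last transition ended in 'Reported'."""
    return sorted(ip for ip, s in state.items() if s == "Reported")

def pulled_counts(pulled):
    """Per-SRX count of distinct user IPs seen in 'pulling ip address' lines."""
    return {srx: len(ips) for srx, ips in pulled.items()}

# The first five lines are the article's samples; the last four are constructed.
SAMPLE = """\
01/22/2019 17:14:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'User On',  transition 'Init'  => 'Incomplete'
01/22/2019 17:14:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'Timeout',  transition 'Incomplete'  => 'Reported'
01/22/2019 17:19:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'Timeout',  transition 'Reported'  => 'Reported'
01/22/2019 17:19:38: (Fsm:Standard)  session '198.51.100.1' state machine event 'Give up',  transition 'Reported'  => 'Init'
01/22/2019 15:32:17: (Srx:Detail) SRX: 192.0.2.1 , batch: hBAOM35dls, seq: 5; : pulling ip address 198.51.100.1 <<<<<<
01/22/2019 17:20:01: (Fsm:Standard)  session '198.51.100.2' state machine event 'User On',  transition 'Init'  => 'Incomplete'
01/22/2019 17:20:01: (Fsm:Standard)  session '198.51.100.2' state machine event 'Timeout',  transition 'Incomplete'  => 'Reported'
01/22/2019 17:20:05: (Srx:Detail) SRX: 192.0.2.1 , batch: exampleAAA, seq: 6; : pulling ip address 198.51.100.2
01/22/2019 17:20:06: (Srx:Detail) SRX: 192.0.2.2 , batch: exampleBBB, seq: 1; : pulling ip address 198.51.100.2
""".splitlines()

if __name__ == "__main__":
    state, pulled = summarize(SAMPLE)
    print("Reported sessions:", reported_sessions(state))
    print("IPs pulled per SRX:", pulled_counts(pulled))
```

The per-SRX sets are cumulative over the log lines supplied: they show which addresses each SRX device pulled, not whether the device still holds the entry after a logoff.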

 
