
[BA] Shutdown detection has no data: user is in the root group

Problem Description

The organizational structure and shutdown detection rules are configured in BA, but shutdown detection shows no data.

Process

  1. Check the audit policy and verify that it has been enabled correctly.

  2. Shutdown detection looks at traffic between 0:00 and 6:00 in the morning, so check whether the data center has any users with traffic during this time period.

  3. No whitelist is configured in shutdown detection.


Root cause

Users go online with the root group's permissions, and BA will not analyze user data under the root group.

Solution

Modify the authentication policy so that the user who needs to be detected is not in the root group.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=6412&isOpen=true