1-22
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Identity Firewall
Monitoring the Identity Firewall
Monitoring AD Agents
You can monitor the AD Agent component of the Identity Firewall.
Use the following options of the show user-identity command to obtain troubleshooting information for
the AD Agent:
• show user-identity ad-agent
• show user-identity ad-agent statistics
These commands display the following information about the primary and secondary AD Agents:
• Status of the AD Agents
• Status of the domains
• Statistics for the AD Agents
Monitoring Groups
You can monitor the user groups configured for the Identity Firewall.
Use the show user-identity group command to obtain troubleshooting information for the user groups
configured for the Identity Firewall:
displays the list of user groups in the following format:
domain\group_name
Monitoring Memory Usage for the Identity Firewall
You can monitor the memory usage that the Identity Firewall consumes on the ASA.
Use the show user-identity memory command to obtain troubleshooting information for the Identity
Firewall:
The command displays the memory usage in bytes of various modules in the Identity Firewall:
• Users
• Groups
• User Stats
• LDAP
The ASA sends an LDAP query for the Active Directory groups configured on the Active Directory
server. The Active Directory server authenticates users and generates user logon security logs.
• AD Agent
• Miscellaneous
• Total Memory Usage
Note How you configure the Identity Firewall to retrieve user information from the AD Agent impacts the
amount of memory used by the feature. You specify whether the ASA uses on demand retrieval or full
download retrieval. Selecting On Demand has the benefit of using less memory as only users of
To Next Page
Loading...
Need help?
General
