Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

UDT should allow other ways to get AD login information

Both at my current job and a couple other prior jobs I've always had issues with the Active Directory folks buying in to UDT needing access to ALL of the Active Directory servers in order to attach a username to an endpoint.

Whether it be getting an account at all, getting (and keeping) the correct permissions on the account, having them let us know that they added a new AD server that should be polled, making sure the credentials work for the new AD server, etc. etc... All sorts of issues getting and maintaining the information needed to accomplish what UDT wants.

I'm proposing instead of UDT going out and polling the AD servers, maybe have a channel in which the information can be pushed into UDT. Whether it be Splunk or some other logging aggregator, I should think there should be a way to forward these messages to Orion.

Not only would this be easier in terms of configuration, ie: accepting log messages from a single source or maybe a couple. But, when a new AD source is added to the aggregator it should be automatically picked up.

I know somebody else had proposed utilizing Splunks API feature, which could work too. But I would think it would be easier for UDT to just accept a stream of events from the logging aggregator. No hassles with AD credentials, no worries about API programming.

Thoughts?

Find more posts tagged with

udt

active directory

Status: None

Comments

m_roberts

It would probably be difficult as SW are unlikely to do this against a single vendor such as Splunk, as that would restrict too many customers who do not have Splunk. I do very much like the idea though and having a method to allow any Log management platform that can perform an integration action e.g. call a REST service, etc. would make this more efficient and secure.

cnorborg

Not saying they have to do it against a single vendor, although many folks already use splunk. If they take in a flexible format that you can define somehow, it could work with anything, including their own logging products...

RaviK

Totally agree with the idea of having UDT to source information from an "alternative".

Even the next gen firewalls (like Palo Alto), SIEM tools (like QRadar) are already picking up the authentication logs from the Active Directory server(s). In large environments, this can be detrimental to the performance of both AD as well as Solarwinds if say we have more than 100 login events per sec in over 20+ AD servers with multiple trusted domains. UDT reaches out to the AD every 30 mins by default.

Maybe just pull in the login & logout event logs from our very own Orion Log Manager (running on the platform itself), or an external Kiwi Syslog, or a SIEM.

abdhijasharma nikhil.n csameer