Trying to get an idea of how other users of UDT find the information within the product. For me it's not very accurate.
I have UDT added to all my Juniper and Cisco switches. I also have event log rights watching all my global domain controllers. That isn't a problem.
What I do find is whatever mechanism UDT uses to map the Windows event log entry that ties my username/IP to an endpoint/mac is what is failing miserably.
For example, with my login account I can see UDT is reporting that I am logging into a number of other users' laptops/endpoints that I know for a fact I am not. My assumption is that during the login mapping to endpoint it may be pulling an old DNS or lookup entry for networks like wifi that are always changing IPs via DHCP. Whatever the case may be, it is not accurate.
Similarly if you dig into my personal laptop endpoint page it will show many other users logging into my machine that I know have never done so. Again probably tied to many of them being on same wifi segment as me and UDT not doing well with mapping them correctly.
Anyone else run into this headache? For me the product is pretty worthless if it can't track down accurate user to device mappings.
Active Directory provides only the IP, the user name and the login time in events we can poll. Therefore, users are tied to IP addresses only and not to MACs, which are more unique identifiers. This of course doesn't ultimately tell you anything in case the endpoint IP changes often (DHCP).
Thanks for the reply.
I figured that was the mechanism and the problem area. Does UDT first try to tie the learned IP address from the event log to a MAC learned from the switch arp/mac table polling or does it use DNS as well?
Either way, I think for dynamic environments UDT information isn't very accurate, unfortunately. The reason we got it was to try and map what users had what IPs at what times and their locations, but with the erroneous mappings it doesn't allow me to say for sure what those answers may be.
Right now we don't tie users to MACs at all. It would surely be beneficial for UDT to consider only a set of MAC - IP - DNS in a given time as a set defining a unique endpoint. Such a change would however require a huge investment of time to completely rebuild the architecture...
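Added example, not part of the thread and not UDT's implementation: a sketch of the time-bounded correlation discussed above, contrasting IP-only attribution of logon events with attribution through the IP-to-MAC binding that was valid at the logon time. It assumes binding intervals are available from a source such as DHCP lease logs or ARP polling; all names and sample records are constructed.

```python
from collections import namedtuple
from datetime import datetime

Binding = namedtuple("Binding", "ip mac start end")  # IP-MAC pairing and when it held (assumed source: DHCP/ARP)
Logon = namedtuple("Logon", "user ip when")          # the fields an AD logon event provides

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data: 10.0.5.20 is reassigned from one laptop to another at midday.
BINDINGS = [
    Binding("10.0.5.20", "aa:aa:aa:00:00:01", ts("2024-01-08 08:00"), ts("2024-01-08 12:00")),
    Binding("10.0.5.20", "bb:bb:bb:00:00:02", ts("2024-01-08 13:00"), ts("2024-01-08 17:00")),
    Binding("10.0.5.21", "aa:aa:aa:00:00:01", ts("2024-01-08 13:05"), ts("2024-01-08 17:00")),
]
LOGONS = [
    Logon("alice", "10.0.5.20", ts("2024-01-08 08:15")),
    Logon("bob", "10.0.5.20", ts("2024-01-08 13:30")),
    Logon("alice", "10.0.5.21", ts("2024-01-08 13:10")),
    Logon("carol", "10.0.5.20", ts("2024-01-08 12:30")),  # no binding covers this time
]

def map_by_ip_only(logons):
    """IP treated as endpoint identity: users pile up on a reused address."""
    out = {}
    for l in logons:
        out.setdefault(l.ip, set()).add(l.user)
    return out

def mac_at(ip, when, bindings):
    """Return the single MAC bound to ip at time when, else None."""
    hits = {b.mac for b in bindings if b.ip == ip and b.start <= when <= b.end}
    return hits.pop() if len(hits) == 1 else None  # unknown or ambiguous stays unresolved

def map_by_mac(logons, bindings):
    """Attribute each logon to a MAC only when a binding covers its timestamp."""
    out, unresolved = {}, []
    for l in logons:
        mac = mac_at(l.ip, l.when, bindings)
        if mac is None:
            unresolved.append(l)  # report as unknown rather than guess an endpoint
        else:
            out.setdefault(mac, set()).add(l.user)
    return out, unresolved
```

Logons that fall outside every binding interval are returned as unresolved instead of being attached to whichever endpoint last held the address.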