If you are using Active Directory on Windows Server 2008 R2 for user and computer authentication, you can use it in conjunction with Usage monitoring to identify the users that are generating application traffic on your network. To do this, all monitoring points within a domain should be identified as part of a User Resolution Group. One member of that group must be designated as the Event Collector. The Event Collector is responsible for periodically receiving login records from the domain controller (via a secure SSL connection) on behalf of all members of the group. Once the User Resolution Group has been created and the domain controller is configured to communicate with the Event Controller, APM can identify the users that are generating application traffic by correlating login records from your domain controller to the hosts found in traffic flow records collected by Usage monitoring.

Create a User Resolution Group

To use the user resolution feature, you must create a User Resolution Group containing a list of monitoring points contained in the group and designating one monitoring point as the Event Controller.

To configure Usage monitoring for user resolution:

  1. Navigate to > User Resolution Setup.
  2. Click Introduction and follow the instructions.
  3. Click Event Collector and follow the instructions.
  4. Click Domain Controller and follow the instructions.
  5. If you are using a CA-signed certificate for SSL communications between the Event Controller and the domain controller, click Custom Certificate and follow the instructions.

Modify a User Resolution Group

After a User Resolution Group is created it can be modified if necessary.

To modify a User Resolution Group configuration:

  1. Navigate to > User Resolution Setup.
  2. Click Event Collector.
  3. For the User Resolution Group you want to modify, select > Edit.
  4. Update the fields according to the Event Collector instructions.
  5. Click Save.
    • The configuration is saved.
  6. Click Domain Controller and follow the instructions.
  7. If you are using a CA-signed certificate for SSL communications between the Event Controller and the domain controller, click Custom Certificate and follow the instructions.

Delete a User Resolution Group

After a User Resolution Group is created it can be deleted if necessary.

To delete a User Resolution Group:

  1. Navigate to > User Resolution Setup.
  2. For the User Resolution Group you want to delete, select > Delete.
  3. Click OK.
    • The User Resolution Group is deleted.

Modify a user resolution configuration file (nxlog.conf)

As part of the User Resolution Group creation, a user resolution configuration file (nxlog.conf) is created and then loaded onto the domain controller. It provides the information required by the domain controller to communicate with the Event Controller. The file can be modified if necessary.

To modify a user resolution configuration file:

  1. Navigate to > User Resolution Setup.
  2. Click Domain Controller.
  3. For the User Resolution Group associated with the user resolution configuration you want to modify, select > Generate Config.
  4. Update the fields as appropriate.
  5. Either click the “nxlog.conf” link or copy and paste the configuration text into an nxlog.conf file.
  6. Click OK.
    • The configuration is saved.
  7. Follow the Domain Controller instructions.
  8. If you are using a CA-signed certificate for SSL communications between the Event Controller and the domain controller, click Custom Certificate and follow the instructions.