Logoff Detection STAS

Hi all,

I have a test case: I integrated AD with Sophos XG and use STAS. I configured user Test so that it can access the internet, and I logged on as user Test on the machine. Then I logged off user Test and logged on to this machine with a local account. According to the rule, this machine should not be able to access the internet, but it can still access the internet as user Test.

I tried configuring "Logoff Detection" following the guide https://community.sophos.com/kb/en-us/123020, but it failed.

And now I want to check "Logoff Detection" with EventLog (not WMI). How can I do that?



  • EventLog just doesn't have a definite clue about that. If a client is forcibly powered off and then logged in as a local user, there is just no logoff event anywhere. So you need to use WMI to query which user is logged in to determine whether the user has logged out or not.

    We go with the SSO client partly because of that, and because WMI remote access is hard to do right. The client approach can do heartbeat communication with the firewall and actively report that the user is still logged in.
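
Added example, not part of the original reply and not Sophos code: a PowerShell sketch of the WMI check the reply describes, asking a workstation which user is on the console and comparing that with the user the firewall is expected to have mapped. The function name `Test-LoggedOnUser`, the host name and the account are hypothetical, and the querying account is assumed to have remote WMI (DCOM) rights on the workstation.

```powershell
# Added example. Function name, host name and account are hypothetical/constructed.
function Test-LoggedOnUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $ExpectedUser,   # e.g. 'CORP\Test'
        [int] $TimeoutSec = 5
    )
    $session = $null
    $current = $null
    try {
        # DCOM is the transport classic remote WMI uses; WinRM does not have to be enabled.
        $opt     = New-CimSessionOption -Protocol Dcom
        $session = New-CimSession -ComputerName $ComputerName -SessionOption $opt `
                                  -OperationTimeoutSec $TimeoutSec -ErrorAction Stop
        $cs      = Get-CimInstance -CimSession $session -ClassName Win32_ComputerSystem -ErrorAction Stop
        # Console user as DOMAIN\user (or COMPUTER\user for a local account);
        # empty when nobody is logged on at the console.
        $current = $cs.UserName

        if ([string]::IsNullOrEmpty($current)) { $state = 'NoConsoleUser' }
        elseif ($current -ieq $ExpectedUser)   { $state = 'StillLoggedOn' }
        else                                   { $state = 'DifferentUser' }
    }
    catch {
        # Host firewall, RPC or permission failure: the query says nothing about the user,
        # so it must not be read as a logoff (or as a logon).
        $state = 'QueryFailed'
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
    [pscustomobject]@{
        ComputerName = $ComputerName
        ExpectedUser = $ExpectedUser
        CurrentUser  = $current
        State        = $state
        # Only a successful query that no longer shows the expected user counts as a logoff.
        LoggedOff    = ($state -in @('NoConsoleUser', 'DifferentUser'))
    }
}

# Constructed sample values
Test-LoggedOnUser -ComputerName 'pc-test01.corp.example' -ExpectedUser 'CORP\Test'
```

In the scenario from the question, a local account on the console shows up as `DifferentUser`; `QueryFailed` is the case to watch, because a blocked WMI query leaves the stale user mapping undetected.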
