This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
CarlosGaviria
Contributor
Contributor
‎2019-03-27 03:35 PM

Authentication Manager Replica does not receive authentication event

Jump to solution

Good afternoon,

Today we install a whole Authentication Manager solution with token seeds. As a test, we assign tokens to the admin users of the secure console only to prove their usability and to check in the real-time authentication activity monitor that the authentication attemps appears. We check that when the replica user logs in appears in the monitor, but when we tried to log in the primary, the monitor in the replica did not show the authentication attemps, not even the failed ones. Is this a normal behavoir or is there an error?

Labels (1)
Labels
0 Likes
Reply
1 Solution

Accepted Solutions
EdwardDavis
Employee
Employee
‎2019-03-27 04:49 PM

Jump to solution

This is normal.

 

The primary can watch real-time activity on all servers, including replicas (with slight delay).

 

Replicas can watch real-time activity on itself only, and quickly attempts to offload that to the primary logs.

 

Past events on replicas are logged and offloaded to the primary for viewing when running a report.

 

If there is a replica that cannot reach the primary, you can still view real-time activity on the replica Security Console, but you cannot view past events or make reports on activity that were not seen in the real-time monitor....the replica will start storing that activity in it's own database, hoping to send them to the primary eventually.

 

If the primary is down, and not coming back, a replica can be promoted to take the role of a new primary, and now that server can view and report on all past activity it was collecting and did not offload to the old primary. But while it is still a replica, the real-time monitor on the replica can see events for that replica only.

View solution in original post

Reply
1 Reply
EdwardDavis
Employee
Employee
‎2019-03-27 04:49 PM

Jump to solution

This is normal.

 

The primary can watch real-time activity on all servers, including replicas (with slight delay).

 

Replicas can watch real-time activity on itself only, and quickly attempts to offload that to the primary logs.

 

Past events on replicas are logged and offloaded to the primary for viewing when running a report.

 

If there is a replica that cannot reach the primary, you can still view real-time activity on the replica Security Console, but you cannot view past events or make reports on activity that were not seen in the real-time monitor....the replica will start storing that activity in it's own database, hoping to send them to the primary eventually.

 

If the primary is down, and not coming back, a replica can be promoted to take the role of a new primary, and now that server can view and report on all past activity it was collecting and did not offload to the old primary. But while it is still a replica, the real-time monitor on the replica can see events for that replica only.

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.