Cisco ASA Series Cli Configuration Manual page 902

Monitoring the Identity Firewall
Monitoring AD Agents
You can monitor the AD Agent component of the Identity Firewall.
Use the following options of the show user-identity command to obtain troubleshooting information for
the AD Agent:
•
•
These commands display the following information about the primary and secondary AD Agents:
•
•
•
Monitoring Groups
You can monitor the user groups configured for the Identity Firewall.
Use the show user-identity group command to obtain troubleshooting information for the user groups
configured for the Identity Firewall:
displays the list of user groups in the following format:
domain\group_name
Monitoring Memory Usage for the Identity Firewall
You can monitor the memory usage that the Identity Firewall consumes on the ASA.
Use the show user-identity memory command to obtain troubleshooting information for the Identity
Firewall:
The command displays the memory usage in bytes of various modules in the Identity Firewall:
•
•
•
•
•
•
•
Note
How you configure the Identity Firewall to retrieve user information from the AD Agent impacts the
amount of memory used by the feature. You specify whether the ASA uses on demand retrieval or full
download retrieval. Selecting On Demand has the benefit of using less memory as only users of
Cisco ASA Series CLI Configuration Guide
1-22
show user-identity ad-agent
show user-identity ad-agent statistics
Status of the AD Agents
Status of the domains
Statistics for the AD Agents
Users
Groups
User Stats
LDAP
The ASA sends an LDAP query for the Active Directory groups configured on the Active Directory
server. The Active Directory server authenticates users and generates user logon security logs.
AD Agent
Miscellaneous
Total Memory Usage
Chapter 1 Configuring the Identity Firewall