Why is there "No User" in the username in the reports generated?
We are getting a lot of traffic for "No User" in the reports generated.
Probably NOT related to the following:
-Reporter server - Cloud hosted reporting
Reports are generated from the access logs the ProxySG gathered. These symptoms are the outcome of the reporting from its related access logs.
The probability is high that it is related to policy and authentication in user environments that causes some users access without being authenticated, hence the specific session without user credential information being recorded in the access log, the reporter and/or Cloud hosted reporting will list that as the "no user" in the username field.
Either by design or by intention, the ProxySG is not authenticating within a customer environment (using the do not authenticate request) by destination host/IP address or by client IP.
Authentication has failed, but requests are still being allowed in the policy.
Either by design or by intention, if the customer set "do not authenticate" on specific requests, and the customer would like this traffic to be excluded from the report, you can refer to the article below for specific steps.
FAQ2228 How can I generate Bandwidth used per Day of Month and exclude "No User" entry from Reporter?
If you believe your authentication has failed, and requests are still being allowed, gather the following data for analysis by Symantec Customer Support.
- SYSInfo - Event log - Access logs that found with this high number of "No User" in its report.
NOTE: Customers must supply the above information to Symantec Customer Support for analysis and resolve this issue.