Weilin Wen
New User
Joined: 09 May 2019 Posts: 1 Location: China
A user got his ID revoked repeatedly, and from the SMF log, I found the terminal ID NVCP1590. How can I interpret the terminal ID? Hopefully, the terminal ID can lead me to an IP address.
vasanthz
Global Moderator
Joined: 28 Aug 2007 Posts: 1744 Location: Tirupur, India
You could trace the terminal ID to its corresponding IP address using SMF Type 119.
SMF 119 - subtype 2 records TCP connection terminal records.
You might need MXG to process SMF type 119 records.
If you have MXG, then
Create a PDB with Type 119 records.
Look at TYP11902 dataset in the PDB.
TTTELUNA has the TERMINAL ID(LU name)
TTRIP has the IP address of the terminal.
You can cross-verify your finding by making sure the password was revoked at the same time as the SMF time on the Type 119 records.
WHERE TTTELUNA = 'NVCP1590';
Hope this helps.
Vasanth.S
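
Added example, not part of the original post: the time cross-check described above, done in Python over a CSV export of the TYP11902 dataset. TTTELUNA and TTRIP are the variables named in the post; the export format, the SMFTIME column name, the 15-minute window and all sample values are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows standing in for a CSV export of TYP11902.
# TTTELUNA and TTRIP come from the post; the SMFTIME column name, the
# export layout and every value below are assumptions for illustration.
SAMPLE_EXPORT = """SMFTIME,TTTELUNA,TTRIP
2019-05-08T09:14:52,NVCP1590,192.0.2.17
2019-05-08T09:15:03,NVCP1212,192.0.2.40
2019-05-08T13:41:10,NVCP1590,198.51.100.23
2019-05-09T08:02:31,NVCP1590,192.0.2.17
"""

def candidate_ips(export_text, lu_name, revoke_times, window_minutes=15):
    """For each revoke time, return the IPs whose Type 119 record for
    lu_name lies within +/- window_minutes of it, closest record first."""
    window = timedelta(minutes=window_minutes)
    rows = [
        (datetime.fromisoformat(r["SMFTIME"]), r["TTRIP"].strip())
        for r in csv.DictReader(io.StringIO(export_text))
        if r["TTTELUNA"].strip().upper() == lu_name.upper()
    ]
    result = {}
    for revoked_at in revoke_times:
        near = sorted(
            (abs(ts - revoked_at), ip) for ts, ip in rows
            if abs(ts - revoked_at) <= window
        )
        # Keep only addresses whose record time matches this revoke event,
        # de-duplicated while preserving closest-first order.
        result[revoked_at] = list(dict.fromkeys(ip for _, ip in near))
    return result

# Constructed revoke times, as they would be read from the SMF log.
REVOKES = [datetime(2019, 5, 8, 9, 10, 0), datetime(2019, 5, 8, 13, 40, 0),
           datetime(2019, 5, 9, 20, 0, 0)]

if __name__ == "__main__":
    for when, ips in candidate_ips(SAMPLE_EXPORT, "NVCP1590", REVOKES).items():
        print(when.isoformat(), ips or "no matching TYP11902 record")
```

A revoke time with no record inside the window returns an empty list, which is the signal to widen the window or check whether Type 119 records were being collected at that time.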