2 Replies Latest reply: Jan 21, 2015 5:46 PM by Roberto Medellin RSS

    How to determine what sessions where denied?

    Roberto Medellin

      Hello Friends!

      I loaded the Session Logs to QlikView, and I can see what user (LanID) opened what document, at what time, and all. But I cannot determine which sessions were denied.

      We have Session CALs, and Usage CALs, but they have not been enough. So I'm trying to build an analysis to know how much to purchase, but I can't tell which are succsessfull sessions, and which ones were denied.

      How can I tell?

       

       

      More info

      "Exit Reason" is not helping me.

      The Event log shows me when an Access is Denied, but I can't associate it to the Session log.

      By "Original CAL Type" is not helping wither. There's "None" when it seems they used a license and were able to get a session going.

       

      Regards.

        • Re: How to determine what sessions where denied?
          Marcus Sommer

          I think within the session-logs are only valid sessions therefore nothing about denied sessions. But a linking to the event-log could be possible and helpful per the timestamp-field. Maybe it needs a little bit blurring with one or two seconds. But it could you give the ratio between used CAL's and denieded access. Maybe you could use or customize already built apps - have a search here to GovernanceDashborad and GovernanceMaterials.

           

          Another possibilty could be to check (and maybe associate) log-files from web-server: http://community.qlik.com/message/693724#693724.

           

          - Marcus

            • Re: How to determine what sessions where denied?
              Roberto Medellin

              Thanks Marcus.

              Yes I've used the Governance Dashboard and QlikView System Ops Monitor, plus I've made my own App. But the few seconds of difference makes it unreliable, but well I did some statistics and calculations and I'm almost done.

               

              If it helps anyone, In "Events" log, there's Message, so in the script I added:

              IF(LEFT(Message,24)='CAL usage: Access denied',1) as DeniedCounter,

              So letter I could graph SUM( DeniedCounter ) by month, or by day ("date" actually) and found out we are loosing 20 sessions a day, many ceros, but many more non zeros, with numbers up to 400 a day!

               

              Who exactly did we lost, and to what document? Well we cannot know for certain but I distibute them according to what "Sessions" log tells me it's more popular.