Excessive logins reported in audit log after executing a DLP 16.x compatible API client
Article ID: 281303
Updated On:
Products
Data Loss Prevention
Issue/Introduction
When reviewing the audit log in DLP 16.0 RU1, a series of logins appear from a named api client. A minimum of 5 logins may be present, up to and including several hundred (or thousand), depending on the incident report.
Environment
DLP 16.0RU1
Resolution
The expectation is a single login will be reported in the localhost log, and multiple logins, one for each incident retrieved by the API, in the audit log table.
Localhost_access log will show each GET request corresponds to an audit log entry by the API user.
Feedback
Yes
No
Powered by
