Why is the SuperUser account showing up in the SMS audit logs, when no users are logged in with that account?

- Updated:
- 29 Dec 2017
- Product/Version:
- TippingPoint SMS All
- TippingPoint Virtual SMS
- Platform:

Summary

If the IPS default "SuperUser" account is "Enabled", then when ANY user with the SuperUser access level changes an account password, the SMS uses the default "SuperUser" account to modify the password, as indicated in the logs;

Details

Number	Time	User	Host	SessionID	Operation	Status
118,708	4/17/12 2:15:37 PM CDT	SuperUser	127.0.0.1	0	Set pwd.user-pwd=********	success
118,707	4/17/12 2:15:01 PM CDT	marktest	16.85.42.159	6	Modify user jmeuse	success

If on the other hand, the default "SuperUser” account is "Disabled", then when ANY user with the SuperUser access level changes an account password, the SMS uses that logged-in user to modify the password and the "Set pwd.user-pwd-*******" is not logged in the audit log;

Number	Time	User	Host	Session ID	Operation	Status
118,709	4/17/12 2:15:37 PM CDT	marktest	16.85.42.159	6	Modify user jmeuse	success

This issue is present on SMS 3.2.x and below. SMS v3.3.0 and above does not display alert in the audit logs. In addition, the SMS is not affected when the default "SuperUser" account is disabled.

Rating:

Category:

Configure; Troubleshoot; Deploy

Solution Id:

TP000098749

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.