36-26
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter36 Configuring the Identity Firewall
Monitoring the Identity Firewall
Monitoring Memory Usage for the Identity Firewall, page26
Monitoring Users for the Identity Firewall, page27
Monitoring AD Agents
You can monitor the AD Agent component of the Identity Firewall.
Use the following options of the show user-identity command to obtain troubleshooting information for
the AD Agent:
show user-identity ad-agent
show user-identity ad-agent statistics
These commands display the following information about the primary and secondary AD Agents:
Status of the AD Agents
Status of the domains
Statistics for the AD Agents
Monitoring Groups
You can monitor the user groups configured for the Identity Firewall.
Use the show user-identity group command to obtain troubleshooting information for the user groups
configured for the Identity Firewall:
displays the list of user groups in the following format:
domain\group_name
Monitoring Memory Usage for the Identity Firewall
You can monitor the memory usage that the Identity Firewall consumes on the ASA.
Use the show user-identity memory command to obtain troubleshooting information for the Identity
Firewall:
The command displays the memory usage in bytes of various modules in the Identity Firewall:
Users
Groups
User Stats
LDAP
The ASA sends an LDAP query for the Active Directory groups configured on the Active Directory
server. The Active Directory server authenticates users and generates user logon security logs.
AD Agent
Miscellaneous
Total Memory Usage