https://community.cisco.com/t5/network-access-control/logs/m-p/4517196#M571605 <P>Hi Team,</P><P>&nbsp;</P><P>In our Infra devices have been integrated into the Cisco ISE for device Authentication. I need some help with log fetching.</P><P>Post tacacs authentication only the end-users can do the device configuration changes.</P><P>&nbsp;</P><P>Now one of the users had done the changes in the device but we don't know which user had been made.</P><P>So we need your help to find out the below details based on the log reporting.</P><P>&nbsp;</P><P>1. How to fetch the log report for the last 7 days?</P><P>2. Who all are the users can login into the specific device for the past 7 days?</P><P>3. And what all are the configuration changes happened to the specific device?</P><P>&nbsp;</P><P>Please clarify the above details ASAP.</P><P>&nbsp;</P><P>Regards,</P><P>RK</P> Thu, 10 Mar 2022 07:15:12 GMT netops044 2022-03-10T07:15:12Z https://community.cisco.com/t5/network-access-control/logs/m-p/4517196#M571605 <P>Hi Team,</P><P>&nbsp;</P><P>In our Infra devices have been integrated into the Cisco ISE for device Authentication. I need some help with log fetching.</P><P>Post tacacs authentication only the end-users can do the device configuration changes.</P><P>&nbsp;</P><P>Now one of the users had done the changes in the device but we don't know which user had been made.</P><P>So we need your help to find out the below details based on the log reporting.</P><P>&nbsp;</P><P>1. How to fetch the log report for the last 7 days?</P><P>2. Who all are the users can login into the specific device for the past 7 days?</P><P>3. And what all are the configuration changes happened to the specific device?</P><P>&nbsp;</P><P>Please clarify the above details ASAP.</P><P>&nbsp;</P><P>Regards,</P><P>RK</P> Thu, 10 Mar 2022 07:15:12 GMT https://community.cisco.com/t5/network-access-control/logs/m-p/4517196#M571605 netops044 2022-03-10T07:15:12Z https://community.cisco.com/t5/network-access-control/logs/m-p/4517534#M571613 <P>See the section on <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_maintain_monitor.html#concept_BBDE3C7FC9074AEB8B6C487FF3A25932" target="_blank" rel="noopener">Cisco ISE Reports in the Admin Guide</A>.</P> <P>In the Device Administration section of the Reports, you will find TACACS Accounting, Authentication, and Authorization and TACACS Command Accounting reports. If you have these features enabled on the network device, you should see the information you're looking for there.</P> Sun, 12 Dec 2021 21:31:46 GMT https://community.cisco.com/t5/network-access-control/logs/m-p/4517534#M571613 Greg Gibbs 2021-12-12T21:31:46Z https://community.cisco.com/t5/network-access-control/logs/m-p/4532264#M572242 <P>Hello Gibbs,</P><P>Thanks for providing the idea. I have one more query, please clarify.</P><P>&nbsp;</P><P>I have created one new user in the Tacacs server. Now I have query about how to provide access to the user for some of the specific devices alone? We integrated almost 500 devices into the cisco ISE but the main objective is the created user wouldn't access all the devices, it should access the specific devices only.</P><P>&nbsp;</P><P>Regards,</P><P>RK</P> Sun, 16 Jan 2022 14:57:37 GMT https://community.cisco.com/t5/network-access-control/logs/m-p/4532264#M572242 netops044 2022-01-16T14:57:37Z https://community.cisco.com/t5/network-access-control/logs/m-p/4532315#M572247 <P>If I understand correctly, you have a set of network devices to which a restricted admin user/group should have access. Ideally, you want to use groups where possible in ISE to improve the ability to scale. One way you could achieve this would be:</P> <OL> <LI>Create a new root-level Network Device Group (e.g. 'Restricted State') with two child groups (e.g. 'Restricted' and 'Non-Restricted)</LI> <LI>Update the relevant network device configurations to use the 'Restricted' value (you can do this in bulk using CSV export/import or via API)</LI> <LI>(Optionally) Create a User Identity Group for your restricted user(s)</LI> <LI>Update your Device Admin AuthZ Policy to match on the groups you created</LI> </OL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2022-01-17 at 8.37.53 am.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/141378iF72192140F77DB21/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2022-01-17 at 8.37.53 am.png" alt="Screen Shot 2022-01-17 at 8.37.53 am.png" /></span></P> Sun, 16 Jan 2022 21:39:33 GMT https://community.cisco.com/t5/network-access-control/logs/m-p/4532315#M572247 Greg Gibbs 2022-01-16T21:39:33Z https://community.cisco.com/t5/network-access-control/logs/m-p/4533377#M572278 <P>Hi Gibbs,</P><P>&nbsp;</P><P>Thanks for providing the suggestion.</P><P>&nbsp;</P><P>Can you please share any reference link or websites? I am a beginner for the cisco ise and we aren't aware deep in this.</P><P>&nbsp;</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;R K</P> Tue, 18 Jan 2022 15:25:11 GMT https://community.cisco.com/t5/network-access-control/logs/m-p/4533377#M572278 netops044 2022-01-18T15:25:11Z https://community.cisco.com/t5/network-access-control/logs/m-p/4533644#M572281 <P>You should start with the <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0.html" target="_blank" rel="noopener">Admin Guide</A> and <A href="https://community.cisco.com/t5/security-documents/cisco-ise-amp-nac-resources/ta-p/3621621#Learn" target="_blank" rel="noopener">learning resource links</A> documented here in the NAC Community.</P> Tue, 18 Jan 2022 21:20:24 GMT https://community.cisco.com/t5/network-access-control/logs/m-p/4533644#M572281 Greg Gibbs 2022-01-18T21:20:24Z