Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
0
Helpful
4
Replies

cisco ise 2.4 command auth report question

Go to solution
baker82
Level 1
Level 1

‎06-12-2019 06:48 PM

hello,

i would like to know if Cisco ISE can send live reporting of all command auths on the devices that is being managed with ISE. 

I have attempted to use the Admin > Settings > Alarm Settings > Alarm Notifications but im not sure which alarm would provide this tacacs-command auth. 

I was able to use the reporting feature to send these to my local repository but I am needing the report to be detailed via email.

 

thanks in advance :)

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ldanny
Cisco Employee
Cisco Employee

‎06-13-2019 04:12 AM

ISE will send a notification email when report is complete but not the detailed report itself.

I suggest contacting the sales team for feature enhancement or provide feedback option within ISE GUI (Click on the gear icon in the upper right corner).

You could try using FTP/SFTP to schedule transfers from repository to email.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Arne Bier
VIP
VIP

‎06-12-2019 11:15 PM

By design, if you use TACACS+ for device admin, then the TACACS+ Accounting can contain the commands that are executed. It would be one accounting record per command authorized.  You can also see that in the SYSLOGs.  Not sure if you want this kind of data sent to you as individual emails (if I understood your initial comments).

If you choose to use Radius for device admin, then you don't get the command accounting.  You will get Radius Accounting that contains bytes in/out, but not the commands itself.  TACACS is the way forward!

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎06-13-2019 12:43 AM

You can't generate an alarm for command change in ISE. You can do this from
syslog server by generating an alarm if syslog message matched.
0 Helpful

Go to solution
ldanny
Cisco Employee
Cisco Employee

‎06-13-2019 04:12 AM

ISE will send a notification email when report is complete but not the detailed report itself.

I suggest contacting the sales team for feature enhancement or provide feedback option within ISE GUI (Click on the gear icon in the upper right corner).

You could try using FTP/SFTP to schedule transfers from repository to email.

0 Helpful

Go to solution
baker82
Level 1
Level 1
In response to ldanny

‎06-13-2019 06:48 AM

thank you for all the help.

Ill see if i can automate this with a script to pull from repository, convert to text file, then send email. I was really hoping to have a real-time report sent via email but im thinking this might meet the teams requirements. 

 

Michael

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents