08-08-2019 09:30 PM - edited 08-08-2019 09:36 PM
Hi gents,
Can you please help me how to figure out how exactly to check system changes and logs in ISE 2.4.
For e.g. I want to know how a Network Access User (name: APISponsorMgr see attached file) under Identity Management was disabled 5 days ago. It was originally enabled, I just re-enable it today.
Solved! Go to Solution.
08-09-2019 06:30 AM
Interesting. I just checked this out, using ISE 2.4 Patch 9.
First, I created the user APISponsorMgr and while creating I set the password and Administrator Group (ERS Admin). I then went to Operations > Reports > Audit > Change Configuration Audit, and I can see the creation of the account as shown below.
Great, this is working as expected, so I disabled the account and checked the Change Configuration Audit report again, but there was no change. I tried the following:
to no avail.
Clicking the links for Changed Configuration in the report only show the password being set and the group assigned (after the initial creation)
Checking the Operations > Reports > Audit > Internal Administrator Summary didn't help either. Selecting the Configuration changes icon under the admin I used to create and disable the account only brought me back to the Change Configuration Audit, but only for that admin and with no additional information. It seems there is no way to actually audit the changes to internal users other than creation and deletion.
I suggest working with TAC to file an enhancement request.
08-09-2019 06:30 AM
Interesting. I just checked this out, using ISE 2.4 Patch 9.
First, I created the user APISponsorMgr and while creating I set the password and Administrator Group (ERS Admin). I then went to Operations > Reports > Audit > Change Configuration Audit, and I can see the creation of the account as shown below.
Great, this is working as expected, so I disabled the account and checked the Change Configuration Audit report again, but there was no change. I tried the following:
to no avail.
Clicking the links for Changed Configuration in the report only show the password being set and the group assigned (after the initial creation)
Checking the Operations > Reports > Audit > Internal Administrator Summary didn't help either. Selecting the Configuration changes icon under the admin I used to create and disable the account only brought me back to the Change Configuration Audit, but only for that admin and with no additional information. It seems there is no way to actually audit the changes to internal users other than creation and deletion.
I suggest working with TAC to file an enhancement request.
08-09-2019 09:10 AM
08-11-2019 08:45 PM
08-11-2019 08:43 PM - edited 08-11-2019 08:46 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide