04-11-2019 01:13 AM - edited 04-11-2019 01:18 AM
Hello,
i have upgraded ISE form 2.3 to Version 2.4 Patch 6. I have used self created Filters for Live Logs, you are lost in logs if you are not able to use it....
Now in Version 2.4 Patch 6 you are able to use the self created filters, but the result of filtering is different than before. I only see Passed/Failed Authentications no Sessions any more. The Filtering is configured to get live logs only for one specific Authenication Policy.
The behavior is the same, if i´m filtering for a specific Authenication Polcy in the column in the Live Logs.
If you filter based on the Identity in Live Logs, i see Passed/Failed Authentications and Sessions.
Does anybody have this same problem, or i´m doing something wrong?
Thanks
Thomas
Solved! Go to Solution.
04-11-2019 08:47 AM
You shouldn't be getting session information when filtering in RADIUS live logs. If you were getting it in the past, it was most likely a defect that we fixed in 2.4. To view session information, click the Live Sessions tab. You can then filter from there.
Regards,
-Tim
04-12-2019 03:58 AM
Thomas,
That is funny. Those are the two columns I hide and have all my customers hide because for the most part you don't need to use those columns if you have a good naming convention on your Authorization Profiles. I just unhid them and you are correct blue session records aren't shown when you filter using either of those two columns. Definitely a bug in my opinion. Open a TAC case and have them get a bug filed.
04-11-2019 06:24 AM - edited 04-11-2019 06:25 AM
I only use the quick filter, but I just tried advanced filter with Authorization Profile and I get all record types. How exactly are you doing the filtering? I hide my authentication and authorization policy columns and only do filtering on authorization profile column because every result in my ISE deployments has a unique name using a well structured naming convention.
04-11-2019 06:41 AM
04-11-2019 08:47 AM
You shouldn't be getting session information when filtering in RADIUS live logs. If you were getting it in the past, it was most likely a defect that we fixed in 2.4. To view session information, click the Live Sessions tab. You can then filter from there.
Regards,
-Tim
04-11-2019 11:00 PM - edited 04-11-2019 11:04 PM
Hey Tim,
filtering inlcuding all Status (session, auth failed, auth passed) works in Version 2.4 in all column´s of the livelogs except of Authentication Policy and Authorization Policy.
I have tried to filter for Authentication Policy and Authorization Policy in Live session tab without success.
This sounds for me like a bug, not a feature.
BR
Thomas
04-12-2019 03:58 AM
Thomas,
That is funny. Those are the two columns I hide and have all my customers hide because for the most part you don't need to use those columns if you have a good naming convention on your Authorization Profiles. I just unhid them and you are correct blue session records aren't shown when you filter using either of those two columns. Definitely a bug in my opinion. Open a TAC case and have them get a bug filed.
04-12-2019 04:54 AM
Paul,
Thank you for you feedback. I already open a Case at Cisco.
BR
Thomas
04-23-2019 11:16 PM - edited 04-23-2019 11:16 PM
Hello All,
result from opening TAC case:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp19738/?reffering_site=dumpcr
So it is definitely a bug in Version 2.4 Patch 6.
Thanks to all.
BR
Thomas
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: