07-25-2017 06:55 AM
Hi,
I have a customer asking if they will have the same degree of audit logs (accounting/forensics) with a GUI-based management system.
Please advise.
Thank you,
Dan Weaver
07-25-2017 07:30 AM
Yes, the Auditing does not change.
In my case, Administrator exists in AD, authenticated through ISE.
The audit logs still show what is expected:
07-25-2017 12:42 PM
So they have to look at 2 systems now, ISE/ACS and the FMC to have complete logs for all managed systems?
07-25-2017 07:10 PM
ISE should be your single source to enforce, track and audit who is logging into the various systems. You can also use it to assign roles and privilege levels where supported. If a device supports command authorization/accounting, ISE can also detail what actions were performed on the system. Otherwise it is up to that system to log what actions were done on the system.
If the customer is looking for a single pane of glass for everything, they should be looking at a SIEM.
07-27-2017 12:07 PM
“If a device supports command authorization/accounting ISE can also detail what actions were performed on the system.” – so ASA/FMC config changes made in a GUI will be translated to CLI input and shown in the ISE AAA reports for authorization/accounting? I don’t want to sound skeptical but I would kind of like to see that in action. For example, if I add a NAT statement when I’m logged into the GUI as User1, I’ll find a corresponding authorization/accounting line item in ISE for something like “nat (inside,outside) dynamic interface” attributed to User1 in the logs?
07-27-2017 12:18 PM
No, I was making a general statement. If the device authenticating against it supports command authorization/accounting, it would show in ISE reports. I wasn't saying FMC supported this.
07-27-2017 12:24 PM
Can someone just let me know if GUI changes made in FMC are logged in the equivalent detail that they would have been in CLI, that's all the customer wants to know.