07-17-2018 06:05 PM - edited 02-21-2020 11:01 AM
We need your help to convince Cisco to resolve a defect. Please get on-board!
We are trying to integrate the User-ID function between Cisco ISE 2.x and Palo Alto Networks firewalls. A Cisco ISE defect is causing a double backslash between domain and user ID in the syslog output.
We need you to add your company to the defect listed below so Cisco knows that multiple people are (or will be) impacted.
Cisco have now acknowledged this defect but are refusing to prioritize a fix. Cisco allege we are the only organization impacted. If multiple people are impacted Cisco will provide a fix.
Please let Cisco know you are impacted and help us pressure Cisco to provide a fix.
Defect Details
CSCvk09565 ISE 2.x onwards RFC 3164 is not being followed completely
Symptom
Syslog messages are sent with double slash in the username field.
Characters which are escaped with double slash are ,;{}\
Conditions
ISE 2.x version
Workaround
None
Further Problem Description
Below characters are escaped as of now
,;{}\
No Character should be escaped as per RFC 3164 which ISE follows.
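The escaping described in the defect can be undone on a syslog relay or in a SIEM parser before the username is used for IP-to-user mapping. The following is an added example, not code from Cisco, Palo Alto Networks or the original poster; the `UserName=` field layout and the sample lines in the test are constructed assumptions, and the escaped character set is the one listed in the defect.

```python
import re

# Characters the defect report lists as being escaped with a backslash.
ESCAPED = ",;{}\\"
_ESC_RE = re.compile(r"\\([" + re.escape(ESCAPED) + r"])")

# Assumed layout (not taken from the page): "UserName=<value>" where the value
# ends at the first comma that is not preceded by an escaping backslash.
_USER_RE = re.compile(r"UserName=((?:\\.|[^,\\])*)")


def unescape(value):
    """Remove the escaping backslash in a single left-to-right pass.

    A single pass matters: an escaped backslash becomes one backslash
    and is never re-read as the start of another escape sequence.
    """
    return _ESC_RE.sub(r"\1", value)


def extract_user(line):
    """Return (domain, user) from a syslog line, or None if no username field.

    Works on both escaped output (DOMAIN\\\\user on the wire) and
    already-correct output (DOMAIN\\user), so it is safe to keep in place
    after the sender is fixed.
    """
    m = _USER_RE.search(line)
    if not m:
        return None
    value = unescape(m.group(1)).strip()
    if "\\" in value:
        domain, user = value.split("\\", 1)
        return domain, user
    return None, value


def normalize_line(line):
    """Collapse only the doubled backslash in the username field.

    Other escapes (such as an escaped comma) are left alone so the
    comma-separated layout of the forwarded line is not changed.
    """
    def fix(m):
        return "UserName=" + m.group(1).replace("\\\\", "\\")
    return _USER_RE.sub(fix, line, count=1)
```
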
07-17-2018 06:35 PM
Thanks for alerting us about this. I just had a look in my Splunk dashboard and I see what you're talking about. Luckily for us we're not looking closely enough at the SYSLOGS (yet) but one day in the future this may become a concern. I would chime in, but it's not causing us any issues so far (touch wood) - I am also tracking a bunch of bug IDs with our Cisco SE/AM that are causing us issues.
Good luck with your campaign!
07-17-2018 06:40 PM
Can you please let Cisco know you can see this defect in your environment and are impacted? This will help us convince Cisco to provide a solution.
07-17-2018 06:59 PM
Hi DB101,
How does this communication to Cisco happen exactly? I can't open a TAC case because I cannot justify it. Is there an email address I should use?
07-17-2018 08:10 PM
I think a TAC case is the official way to do it.
If you can't raise a TAC case, just reply to this thread. I can see it is now linked to the bug.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk09565
07-17-2018 09:25 PM
We are not able to integrate Cisco ISE and the Palo Alto User-ID agent server for User-ID and IP mappings, hence we are not able to use the User-ID feature.
07-17-2018 10:54 PM
Hi,
I have been impacted by this problem too, for months. It would be really great to solve this issue; we would then also be able to manage our customer centers.
Sylvain
07-18-2018 02:57 PM
Let me take a look at the logs. I was not aware of it.
08-10-2018 02:41 AM
Hi,
Query: were you able to see any logs coming to the PA from ISE in the CLI?
I've logged a call with PA; we'll see what they come up with.
11-21-2018 02:27 PM
We received a patch from Cisco that addresses this issue and results in a single backslash. Suggest you contact Cisco and request the patch. I believe it will be incorporated in a future release.
01-07-2019 08:18 AM
Do you have information regarding the patch? I've opened a case with Cisco and the information they're giving me is "Unfortunately, there is no hotpatch and it doesn't seem that one will be released. It could be that they fix it in a new patch for newer versions but at the moment we just have the information that it would be fixed in 2.6."
01-07-2019 11:15 AM
01-08-2019 12:03 AM
02-22-2021 03:10 AM
The problem is still there in 2.7.
Has anyone found a solution?
Thanks
02-22-2021 04:03 AM
Hi @Krups,
I double-checked the CSCvk09565 bug:
Last Modified: Feb 15, 2021
Status: Fixed
Known Fixed Release: 2.6(0.156)
Please take a look at: ISE 2.6 Release Notes.
Hope this helps!!!