Solved: Re: Are you impacted? - ISE syslog double backslash - Page 2

DB101 · ‎07-17-2018

We need your help to convince Cisco to resolve a defect. Please get on-board!

We are trying to integrate UserID function between Cisco ISE 2.x and Palo Alto Networks Firewalls. A Cisco ISE defect is causing a double backslash between domain and userID in the syslog output

We need you to add your company to the defect listed below so Cisco knows that multiple people are (or will be) impacted.

Cisco have now acknowledged this defect but are refusing to prioritize a fix. Cisco allege we are the only organization impacted. If multiple people are impacted Cisco will provide a fix.

Please let Cisco know you are impacted and help us pressure Cisco to provide a fix.

Defect Details

CSCvk09565 ISE 2.x onwards RFC 3164 is not being followed completely

Symptom

Syslog messages are sent with double slash in the username field.

Characters which are escaped with double slash are ,;{}\

Conditions

ISE 2.x version

Workaround

None

Further Problem Description

Below characters are escaped as of now

,;{}\

No Character should be escaped as per RFC 3164 which ISE follows.

Krups · ‎02-22-2021

Yes you are right it is written in the release note but I think it is not solved.

I just did a capture of the UDP traffic after an authentication on the ISE portal and I have "\\" between the domain and the username for UserName= and GuestUserName=

Marcelo Morais · ‎02-22-2021

Hi @Krups

please open a TAC case for that, if it was fixed in version 2.6 it should have been fixed in version 2.7 P2 !!!

Best regards.