cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5759
Views
5
Helpful
16
Replies

Are you impacted? - ISE syslog double backslash

DB101
Level 1
Level 1

We need your help to convince Cisco to resolve a defect. Please get on-board!

 

We are trying to integrate UserID function between Cisco ISE 2.x and Palo Alto Networks Firewalls. A Cisco ISE defect is causing a double backslash between domain and userID in the syslog output

 

We need you to add your company to the defect listed below so Cisco knows that multiple people are (or will be) impacted.

 

Cisco have now acknowledged this defect but are refusing to prioritize a fix. Cisco allege we are the only organization impacted. If multiple people are impacted Cisco will provide a fix.

 

Please let Cisco know you are impacted and help us pressure Cisco to provide a fix.

 

Defect Details

CSCvk09565 ISE 2.x onwards RFC 3164 is not being followed completely

 

Symptom

Syslog messages are sent with double slash in the username field.

 

Characters which are escaped with double slash are ,;{}\

 

Conditions

ISE 2.x version

 

Workaround

None

 

Further Problem Description

Below characters are escaped as of now

 

,;{}\

 

No Character should be escaped as per RFC 3164 which ISE follows.

2 Accepted Solutions

Accepted Solutions

We received a patch from Cisco that addresses this issue and results in a single backslash. Suggest you contact Cisco and request the patch. I believe it will be incorporated in a future release.

View solution in original post

Suggest you try escalating through TAC to ask for a fix if possible

View solution in original post

16 Replies 16

Arne Bier
VIP
VIP

Thanks for alerting us about this.  I just had a look in my Splunk dashboard and I see what you're talking about.  Luckily for us we're not looking closely enough to the SYSLOGS (yet) but one day in the future this may become a concern. I would chime in, but it's not causing us any issues so far (touch wood) - I am also tracking a bunch of bug ID's with our Cisco SE/AM that are causing us issues.

 

Good luck with your campaign!

Can you please let Cisco know you can see this defect in your environment are impacted. This will help us convince Cisco to provide a solution.

Hi DB101

 

how does this communication to Cisco happen exactly?  I can't open a TAC case because I cannot justify it.  Is there an email address I should use?

I think a TAC case if the official way to do it.

 

If you can't raise a TAC case, just reply to this thread. I can see it is now linked to the bug.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk09565

 

wamanbhalerao
Level 1
Level 1

We are not able to Integrate Cisco ISE and Palo alto User agent server for User ID and IP mappings hence not able to use the User ID feature

Hi,

 

I am impacted too with this problem for months. It could be really great to solve this issue, we will then be able to manage also our customer centers.

 

Sylvain

ajc
Level 7
Level 7

Let me take a look on the logs. I was not aware of it.

craiglebutt
Level 4
Level 4

Hi

 

Query, were you able to see any logs coming to the PA from ISE in cli?

I've logged a call with PA, see what they come up with

We received a patch from Cisco that addresses this issue and results in a single backslash. Suggest you contact Cisco and request the patch. I believe it will be incorporated in a future release.

Do you have information regarding the patch?  I've opened a case with Cisco and the information they're giving me is "Unfortunatley, there is not hotpatch and it doesn't seem that one will be release.It could be that they fix it in  new patch for newer versions but at the moment we just have the infromation that it would be fixed in 2.6."

 

 

Suggest you try escalating through TAC to ask for a fix if possible

craiglebutt
Level 4
Level 4

Have you still got the issue?  I'm on 2.4, by the sound of it had the same issue.

Was trying to get this sorted for ages.

Issue was trying to find the correct UserName for us, screen grab attached.

 

This was sorted by Palo Alto support company

 

Krups
Level 1
Level 1

The problem is still there in 2.7

Anyone has found a solution?

 

Thanks

Hi @Krups ,

 I double check the CSCvk09565 bug:

Last Modified: Feb 15, 2021
Status: Fixed
Known Fixed Release: 2.6(0.156)

Please take a look at: ISE 2.6 Release Notes.

 

Hope this helps !!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: