On an ISE deployment that is running TACACS for access control of network routers and switches, is it possible to get the IP address of the user end-stations to display in the details of live logs?
ISE 3.1/operation/TACACS/live logs/
you can see that a bad userid was entered. When you select the details, you get a lot of information, but unless I am missing something, I do not see the end-station IP address.
Anyone who has corporate scanners knows there are a lot of noise generated by attempts from those devices, but sometimes you would like to quickly check a failure that looks a bit odd/different to determine if it is friend or foe.
On ISE 2.7 I can see the end user's IP in the TACACs live logs under the column "Remote Address". Is this attribute enabled for display in the live logs? Click on the gear icon at the top right of the TACACs live logs to confirm.