03-12-2015 12:20 PM - edited 03-10-2019 10:32 PM
I have a situation where a bunch of users passwords expired in AD. There are several machines that users are logged into with their old passwords, which is causing authentication failures (failure reason code 24408). These log messages are occurring frequently, about 1-2 minutes for each machine, and with 10+ machines in this situation, it is flooding my Auth message log.
Is there a way to suppress logs in the Auth monitor by failure reason code for a certain duration, similar to what you can to with the RADIUS anomalous client suppression?
thx
03-12-2015 09:26 PM
Not with the failure code however you can create collection filter on ISE based on
– User Name
– MAC Address
– Policy Set Name
– NAS IP Address
– Device IP Address
You can read more about it here.
Regards,
Jatin
03-13-2015 10:03 AM
I looked at that feature, but that doesn't help me any based on my problem described above. Is there a solution to help with this? Can the ISE team add the functionality to filter by failure code?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide