Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2089
Views
0
Helpful
2
Replies

Cisco ISE - Is it possible to suppress logs in monitor by failure reason code?

cjkaufman@dmgov.org
Level 1
Level 1

‎03-12-2015 12:20 PM - edited ‎03-10-2019 10:32 PM

I have a situation where a bunch of users passwords expired in AD.  There are several machines that users are logged into with their old passwords, which is causing authentication failures (failure reason code 24408).  These log messages are occurring frequently, about 1-2 minutes for each machine, and with 10+ machines in this situation, it is flooding my Auth message log.

 

Is there a way to suppress logs in the Auth monitor by failure reason code for a certain duration, similar to what you can to with the RADIUS anomalous client suppression?

thx

 

Labels:
0 Helpful
2 Replies 2

Jatin Katyal
Cisco Employee
Cisco Employee

‎03-12-2015 09:26 PM

Not with the failure code however you can create collection filter on ISE based on

– User Name

– MAC Address

– Policy Set Name

– NAS IP Address

– Device IP Address

You can read more about it here.

 

Regards,

Jatin

 

~Jatin
0 Helpful

cjkaufman@dmgov.org
Level 1
Level 1
In response to Jatin Katyal

‎03-13-2015 10:03 AM

I looked at that feature, but that doesn't help me any based on my problem described above.  Is there a solution to help with this?  Can the ISE team add the functionality to filter by failure code?

0 Helpful
Customers Also Viewed These Support Documents