
Cisco ISE - Potential Discrepancy in logging Categories

i-camisa
Level 1

We've seen a potential issue with the Administrative & Operational Audit logging categories, where a specific use case is not logged under the existing categories. Under the current codes we have: 51000 - Authentication Failure, 51001 - Authentication Success, etc.

However, there does not seem to be a code, and ISE does not create a log (locally or via syslog), when a domain user with a correct username/password, but not the right level of group permissions to access the web GUI, attempts to log in. The same user, with an incorrect password, correctly logs the attempt under code 51000.

We're running Cisco ISE 3.3, with patch 2 installed. Any ideas are welcome. Is this fixable, or is this a platform limitation?

1 Reply

Arne Bier
VIP

Very interesting - looks like a bug or something they forgot to add. I can reproduce the same issue in ISE 3.4 p1.

My rsyslog server is receiving logs from ISE for passed auths etc.


ISE tells you that the username/password is invalid. But no logs at all. I would raise a TAC case on this.