cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1711
Views
0
Helpful
2
Replies

Cisco ISE syslog message for 87004 NOTICE Posture: Posture service received a USB-check report from an endpoint

kylerossd
Level 4
Level 4

Hello,

Does anyone have an example of a Cisco ISE syslog for this event? I have the description of what this would look like but I need to know what the <log details> looks like.

 

Message Code: 87004

Severity: NOTICE

Message Text: Posture service received a USB-check report from an endpoint

Message Description: Received a USB-check report message from an endpoint

Local Target Message Format: <timestamp> <seq_num> 87004 NOTICE Posture: Posture service received a USB-check report from an endpoint, <log details>

Remote Target Message Format: <pri_num> <timestamp> <IP address/hostname> <CISE_logging category> <msg_id> <total seg> <seg num><timestamp> <seq_num> 87004 NOTICE Posture: Posture service received a USB-check report from an endpoint, <log details>

 

Any insights are greatly appreciated

 

 

1 Accepted Solution

Accepted Solutions

Yes, I ended up standing up a test and configuring posture for USB Check.  If anyone else is interested here it is:

 

CISE_Posture_and_Client_Provisioning_Audit 0000000002 2 0 2020-07-11 22:59:46.379 -04:00 0000005801 87000 NOTICE Posture: Received a posture report from an endpoint, ConfigVersionId=77, NetworkDeviceGroups=Location#All Locations, RequestTime=1594522785899, ResponseTime=1594522786378, MacAddress=84-7B-EB-57-20-0E, OperatingSystem=Windows 10 Home 64-bit, PostureAgentVersion=AnyConnect Posture Agent for Windows 4.9.00086, PostureReport=Default_USB_Block_Policy_Win\;Failed\;(USB_Block:Mandatory:Failed:Passed_Conditions[]:Failed_Conditions[USB_Check]:Skipped_Conditions[]), PostureStatus=NonCompliant, PRAEnforcementFlag=false, PRAInterval=0, PRAGraceTime=0, PRAAction=N/A, UserName=kyle, SessionId=C0A802090000001B05A91D7A, UserAgreementStatus=NotEnabled, SystemName=DESKTOP-9G5A787, SystemDomain=n/a, SystemUser=Kyle, SystemUserDomain=DESKTOP-9G5A787, IpAddress=192.168.2.135, AMInstalled=Windows Defender\;4.18.2006.10\;1.319.1241.0\;07/11/2020\;,

View solution in original post

2 Replies 2

hslai
Cisco Employee
Cisco Employee

If you have access to an ISE deployment to test this, you may check the local logs on the PSN by CLI

 show logging application localStore/iseLocalStore.log tail

I tried to simulate it using a Windows Client on VMware but I was only able to generate regular posture events but not this specific one on USB-check.

Yes, I ended up standing up a test and configuring posture for USB Check.  If anyone else is interested here it is:

 

CISE_Posture_and_Client_Provisioning_Audit 0000000002 2 0 2020-07-11 22:59:46.379 -04:00 0000005801 87000 NOTICE Posture: Received a posture report from an endpoint, ConfigVersionId=77, NetworkDeviceGroups=Location#All Locations, RequestTime=1594522785899, ResponseTime=1594522786378, MacAddress=84-7B-EB-57-20-0E, OperatingSystem=Windows 10 Home 64-bit, PostureAgentVersion=AnyConnect Posture Agent for Windows 4.9.00086, PostureReport=Default_USB_Block_Policy_Win\;Failed\;(USB_Block:Mandatory:Failed:Passed_Conditions[]:Failed_Conditions[USB_Check]:Skipped_Conditions[]), PostureStatus=NonCompliant, PRAEnforcementFlag=false, PRAInterval=0, PRAGraceTime=0, PRAAction=N/A, UserName=kyle, SessionId=C0A802090000001B05A91D7A, UserAgreementStatus=NotEnabled, SystemName=DESKTOP-9G5A787, SystemDomain=n/a, SystemUser=Kyle, SystemUserDomain=DESKTOP-9G5A787, IpAddress=192.168.2.135, AMInstalled=Windows Defender\;4.18.2006.10\;1.319.1241.0\;07/11/2020\;,