07-10-2020 08:17 AM
Hello,
Does anyone have an example of a Cisco ISE syslog for this event? I have the description of what this would look like but I need to know what the <log details> looks like.
Message Code: 87004
Severity: NOTICE
Message Text: Posture service received a USB-check report from an endpoint
Message Description: Received a USB-check report message from an endpoint
Local Target Message Format: <timestamp> <seq_num> 87004 NOTICE Posture: Posture service received a USB-check report from an endpoint, <log details>
Remote Target Message Format: <pri_num> <timestamp> <IP address/hostname> <CISE_logging category> <msg_id> <total seg> <seg num><timestamp> <seq_num> 87004 NOTICE Posture: Posture service received a USB-check report from an endpoint, <log details>
Any insights are greatly appreciated
Solved! Go to Solution.
07-17-2020 08:17 AM
Yes, I ended up standing up a test and configuring posture for USB Check. If anyone else is interested here it is:
CISE_Posture_and_Client_Provisioning_Audit 0000000002 2 0 2020-07-11 22:59:46.379 -04:00 0000005801 87000 NOTICE Posture: Received a posture report from an endpoint, ConfigVersionId=77, NetworkDeviceGroups=Location#All Locations, RequestTime=1594522785899, ResponseTime=1594522786378, MacAddress=84-7B-EB-57-20-0E, OperatingSystem=Windows 10 Home 64-bit, PostureAgentVersion=AnyConnect Posture Agent for Windows 4.9.00086, PostureReport=Default_USB_Block_Policy_Win\;Failed\;(USB_Block:Mandatory:Failed:Passed_Conditions[]:Failed_Conditions[USB_Check]:Skipped_Conditions[]), PostureStatus=NonCompliant, PRAEnforcementFlag=false, PRAInterval=0, PRAGraceTime=0, PRAAction=N/A, UserName=kyle, SessionId=C0A802090000001B05A91D7A, UserAgreementStatus=NotEnabled, SystemName=DESKTOP-9G5A787, SystemDomain=n/a, SystemUser=Kyle, SystemUserDomain=DESKTOP-9G5A787, IpAddress=192.168.2.135, AMInstalled=Windows Defender\;4.18.2006.10\;1.319.1241.0\;07/11/2020\;,
07-11-2020 03:58 PM
If you have access to an ISE deployment to test this, you may check the local logs on the PSN by CLI
show logging application localStore/iseLocalStore.log tail
I tried to simulate it using a Windows Client on VMware but I was only able to generate regular posture events but not this specific one on USB-check.
07-17-2020 08:17 AM
Yes, I ended up standing up a test and configuring posture for USB Check. If anyone else is interested here it is:
CISE_Posture_and_Client_Provisioning_Audit 0000000002 2 0 2020-07-11 22:59:46.379 -04:00 0000005801 87000 NOTICE Posture: Received a posture report from an endpoint, ConfigVersionId=77, NetworkDeviceGroups=Location#All Locations, RequestTime=1594522785899, ResponseTime=1594522786378, MacAddress=84-7B-EB-57-20-0E, OperatingSystem=Windows 10 Home 64-bit, PostureAgentVersion=AnyConnect Posture Agent for Windows 4.9.00086, PostureReport=Default_USB_Block_Policy_Win\;Failed\;(USB_Block:Mandatory:Failed:Passed_Conditions[]:Failed_Conditions[USB_Check]:Skipped_Conditions[]), PostureStatus=NonCompliant, PRAEnforcementFlag=false, PRAInterval=0, PRAGraceTime=0, PRAAction=N/A, UserName=kyle, SessionId=C0A802090000001B05A91D7A, UserAgreementStatus=NotEnabled, SystemName=DESKTOP-9G5A787, SystemDomain=n/a, SystemUser=Kyle, SystemUserDomain=DESKTOP-9G5A787, IpAddress=192.168.2.135, AMInstalled=Windows Defender\;4.18.2006.10\;1.319.1241.0\;07/11/2020\;,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: