Does anyone have an example of a Cisco ISE syslog for this event? I have the description of what this would look like but I need to know what the <log details> looks like.
Message Code: 87004
Message Text: Posture service received a USB-check report from an endpoint
Message Description: Received a USB-check report message from an endpoint
Local Target Message Format: <timestamp> <seq_num> 87004 NOTICE Posture: Posture service received a USB-check report from an endpoint, <log details>
Remote Target Message Format: <pri_num> <timestamp> <IP address/hostname> <CISE_logging category> <msg_id> <total seg> <seg num><timestamp> <seq_num> 87004 NOTICE Posture: Posture service received a USB-check report from an endpoint, <log details>
Any insights are greatly appreciated
Go to Solution.
Yes, I ended up standing up a test and configuring posture for USB Check. If anyone else is interested here it is:
CISE_Posture_and_Client_Provisioning_Audit 0000000002 2 0 2020-07-11 22:59:46.379 -04:00 0000005801 87000 NOTICE Posture: Received a posture report from an endpoint, ConfigVersionId=77, NetworkDeviceGroups=Location#All Locations, RequestTime=1594522785899, ResponseTime=1594522786378, MacAddress=84-7B-EB-57-20-0E, OperatingSystem=Windows 10 Home 64-bit, PostureAgentVersion=AnyConnect Posture Agent for Windows 4.9.00086, PostureReport=Default_USB_Block_Policy_Win\;Failed\;(USB_Block:Mandatory:Failed:Passed_Conditions:Failed_Conditions[USB_Check]:Skipped_Conditions), PostureStatus=NonCompliant, PRAEnforcementFlag=false, PRAInterval=0, PRAGraceTime=0, PRAAction=N/A, UserName=kyle, SessionId=C0A802090000001B05A91D7A, UserAgreementStatus=NotEnabled, SystemName=DESKTOP-9G5A787, SystemDomain=n/a, SystemUser=Kyle, SystemUserDomain=DESKTOP-9G5A787, IpAddress=192.168.2.135, AMInstalled=Windows Defender\;4.18.2006.10\;1.319.1241.0\;07/11/2020\;,
View solution in original post
If you have access to an ISE deployment to test this, you may check the local logs on the PSN by CLI
show logging application localStore/iseLocalStore.log tail
I tried to simulate it using a Windows Client on VMware but I was only able to generate regular posture events but not this specific one on USB-check.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: