Configuration Audit for ISE - Report or Logs

pmet · ‎11-07-2018

Dear forum ,

I am trying to find out where i can find the information about specific config change to Cisco ISE .

For example :

When an admin adds an endpoint (mac address) to an Identity Group i want to know which admin added which mac address to which group . Because we have some Identity Groups which have the option to access the network without some control checks .

I have found from the reports the Change Configuration Audit report , and with some filters i can have only the information i want .

So i have a view like the screenshot . But there is nowhere the Identity group name , which is important . Also i have tried to find this kind of information with logs , but again i haven't find if this type of information are logged and can be send to syslog .

So either from any kind of report or either from logs it would be great .

Thanks in advanced for your time .

Best regards

Makis

Surendra · ‎11-07-2018

Unfortunately, ISE does not have any other reports other than the Change Configuration Audit report and it is not that granular as well. Even though you make a small change, it dumps all the data about that object instead of just the changed configuration.

There is an enhancement request filed CSCvn14264 which ideally should be fixed in 2.5 but only time will tell.

pmet · ‎11-08-2018

Hi Surendra ,
Thanks for your reply . Noted .
Do you know if except the report , this kind of information is logged anywhere ? So to get any raw message and work with my syslog system ?

Best Regards

Prodromos

Surendra · ‎11-08-2018

Whatever you see under the Modified Properties section in the Change Configuration Audit report is a display of the exact raw syslog message of the changed data. You may try and compare the previous syslog message with the current one and see what changed but that's again is a tedious process.