10-25-2017 04:00 AM - edited 02-21-2020 10:36 AM
Hey,
I am currently looking for way of getting endpoints data from whatever source (ERS API, Monitoring API, exporting data to CSV from the UI) - I would like to know endpoints mac, ip, username, aunthentication time (I believe this is the 'Source/Received Timestamp' visible in endpoints details -> Authentication -> Details) and failure reason (if it is there).
And so I have some questions:
1. What exactly is the `UpdateTime` field presented in exported data of a given endpoint? Is this the timestamp of last update? If so, how it can be that this timestamp corresponds to datetime that is before the `Source Timestamp` date presented in endpoint details -> Authentication -> Details view?
2. Is there any API to get all endpoints data with details? I know there is ERS API but it seems it doesn't provide as much details as UI or exported data.
3. Is there any documentation about fields presented in the exported endpoints data?
4. Is there any detailed documentation on how and when particular endpoints gets updated?
10-25-2017 05:00 PM
from the PAN CLI you can export all this stuff into a .csv
application configure ise
then choose
[16]Get all Endpoints
Once you exit the menu, you will see a file like this in your disk:/
FullReport_26-Oct-2017.csv
You then copy the file to your repo.
Alternatively, in the GUI you can export all the Endpoints from the Context Visibility > Endpoints menu (Export > Export All).
There is an API to do this as well but I have never used it. Cisco have created an app that has access to this API (ISE Endpoint Analysis Tool) for Cisco internal and Partners. https://iseeat.cisco.com/ - you need to register to get a copy. But in my experience the other methods give you the same data.
10-27-2017 06:25 AM - edited 10-27-2017 07:01 AM
This still doesn't answer my questions but thanks for the idea of getting endpoints csv through PAN CLI. It seems it has much more columns then the csv from GUI.
By the way is it possible to download file directly from ssh (PAN CLI) to my machine without hosting a ftp/sftp/nfs/something else? scp seems to be not working...
10-29-2017 08:31 PM
I have not found a way of getting a file off a node other than with the copy command.
In the quick and dirty approach, install an FTP server like CoreFTP Mini Server (free) and then create a repo on the ISE node. With FTP you don't need to create any crypto host keys etc - that's usually where the wheels come off if not done right.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide