04-11-2019 01:13 AM - edited 04-11-2019 01:18 AM
Hello,
i have upgraded ISE form 2.3 to Version 2.4 Patch 6. I have used self created Filters for Live Logs, you are lost in logs if you are not able to use it....
Now in Version 2.4 Patch 6 you are able to use the self created filters, but the result of filtering is different than before. I only see Passed/Failed Authentications no Sessions any more. The Filtering is configured to get live logs only for one specific Authenication Policy.
The behavior is the same, if i´m filtering for a specific Authenication Polcy in the column in the Live Logs.
If you filter based on the Identity in Live Logs, i see Passed/Failed Authentications and Sessions.
Does anybody have this same problem, or i´m doing something wrong?
Thanks
Thomas
Solved! Go to Solution.
04-11-2019 08:47 AM
You shouldn't be getting session information when filtering in RADIUS live logs. If you were getting it in the past, it was most likely a defect that we fixed in 2.4. To view session information, click the Live Sessions tab. You can then filter from there.
Regards,
-Tim
04-12-2019 03:58 AM
Thomas,
That is funny. Those are the two columns I hide and have all my customers hide because for the most part you don't need to use those columns if you have a good naming convention on your Authorization Profiles. I just unhid them and you are correct blue session records aren't shown when you filter using either of those two columns. Definitely a bug in my opinion. Open a TAC case and have them get a bug filed.
04-11-2019 06:24 AM - edited 04-11-2019 06:25 AM
I only use the quick filter, but I just tried advanced filter with Authorization Profile and I get all record types. How exactly are you doing the filtering? I hide my authentication and authorization policy columns and only do filtering on authorization profile column because every result in my ISE deployments has a unique name using a well structured naming convention.
04-11-2019 06:41 AM
04-11-2019 08:47 AM
You shouldn't be getting session information when filtering in RADIUS live logs. If you were getting it in the past, it was most likely a defect that we fixed in 2.4. To view session information, click the Live Sessions tab. You can then filter from there.
Regards,
-Tim
04-11-2019 11:00 PM - edited 04-11-2019 11:04 PM
Hey Tim,
filtering inlcuding all Status (session, auth failed, auth passed) works in Version 2.4 in all column´s of the livelogs except of Authentication Policy and Authorization Policy.
I have tried to filter for Authentication Policy and Authorization Policy in Live session tab without success.
This sounds for me like a bug, not a feature.
BR
Thomas
04-12-2019 03:58 AM
Thomas,
That is funny. Those are the two columns I hide and have all my customers hide because for the most part you don't need to use those columns if you have a good naming convention on your Authorization Profiles. I just unhid them and you are correct blue session records aren't shown when you filter using either of those two columns. Definitely a bug in my opinion. Open a TAC case and have them get a bug filed.
04-12-2019 04:54 AM
Paul,
Thank you for you feedback. I already open a Case at Cisco.
BR
Thomas
04-23-2019 11:16 PM - edited 04-23-2019 11:16 PM
Hello All,
result from opening TAC case:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp19738/?reffering_site=dumpcr
So it is definitely a bug in Version 2.4 Patch 6.
Thanks to all.
BR
Thomas
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide