Solved: ISE Identity groups logging

alyautdinov · ‎02-09-2018

Hello Team

We need to see when some mac-address is adding or removing in special identity group in ISE. In which logging categories can we see this? And how it is look like?

Jason Kunst · ‎02-14-2018

ISE can do syslog to splunk which has an ISE plug in

Please check their documents

View solution in original post

Craig Hyps · ‎02-12-2018

Depending on how change made, you may see in Configuration Audit report...

You can also see Identity Group reported in Authentication log. However, the auth log does not flag if change from previous.

/C

alyautdinov · ‎02-12-2018

In report we don't see the name of the group. The point is to monitor the state of special group. We want see adding or removing mac-address to this group.

Craig Hyps · ‎02-12-2018

In example, group name is shown. Group is also shown in passed auth log. We do not alarm on endpoints entering/leaving a specified group. I recommend submitting enhancement request to your Cisco account team, or using an external logger with rule that can track members of groups and correlate changes.

alyautdinov · ‎02-14-2018

Can you promt us which product can do that? How can we track this? By syslog or snmp or API?

Can we do this with Splunk?

Jason Kunst · ‎02-14-2018

ISE can do syslog to splunk which has an ISE plug in

Please check their documents

pmet · ‎11-07-2018

Hi Jason ,

Do you know which Logging Category & at which Severity , produce this specific information of log ? I mean the name of the identity group .

Thanks

Makis