Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
5656
Views
4
Helpful
3
Replies

ISE Live Authentication log collection

yun zhang
Level 1
Level 1

ā€Ž09-09-2013 08:34 AM - edited ā€Ž03-10-2019 08:52 PM

Hi guys

can i collect the live authentication log by my syslog server from ISE  Because our customer need to check who had authenticated and got

authorized by ise ?

Labels:
0 Helpful
3 Replies 3

Anas Naqvi
Level 1
Level 1

ā€Ž09-09-2013 08:58 AM

Hi Yun,

The Live Authentications page provides a tabular account of recent RADIUS authentications, in the order in which they happen.

The last update shown at the bottom of the Live Authentications page shows the date of the server, time, and timezone.

Following are the steps you can follow (on ISE 1.2)

Step 1 Choose Operations > Authentications.

Step 2 Select a time interval from the drop-down list to change the data refresh rate.

Step 3 Click the Refresh icon on the Live Authentications menu bar to manually update the data.

Step 4 Choose an option from the Show drop-down list to change the number of records that appear.

Step 5 Choose an option from the within drop-down list to specify a time interval,

Step 6 Click Add or Remove Columns and choose the options from the drop-down list to change the columns that are shown.

Step 7 Click Show Live Sessions to  view live RADIUS sessions. You can use the dynamic Change of  Authorization (CoA) feature for the Live Sessions that allows you to  dynamically control active RADIUS sessions. You can send reauthenticate  or disconnect requests to a Network Access Device (NAD).

Step 8 Click Save at the bottom of the drop-down list to save your modifications.

0 Helpful

jan.nielsen
Level 7
Level 7

ā€Ž09-09-2013 11:31 AM

Anas is right, you can get the info directly from ISE, but if you really need to get the authentication/authorization log sent to your own syslog server, you can do that to.

You add a new syslog server under Administration/Logging/Remote Log targets/Add

And then add the new server to Administration/Logging/Logging Categories/Passed Authentications, but be aware that the syslog messages are not small, they normally are around 4KB per syslog message, as they contain alot of information.

Muhammad Munir
Level 5
Level 5

ā€Ž09-12-2013 10:02 PM

Hi

You can monitor recent RADIUS authentications as they happen from the Live Authentications page.

The page displays the top 10 RADIUS authentications in the last 24 hours. This given section explains the

functions of the Live Authentications page.

Operations > Reports

ā€¢ Operations > Live Authentications > Filter fields

ā€¢ Operations > Reports > Catalog > Report filter fields

For more information regarding step by step configuration, please go through this link (at page 943-945):

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf


0 Helpful
Customers Also Viewed These Support Documents