Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
834
Views
1
Helpful
2
Replies

ISE remote logging - incude AD group

Go to solution
anvolkov
Cisco Employee
Cisco Employee

‎08-27-2016 05:09 AM

hello,

do you know if it's possible to include AD group to the logs (when sending them to the remote target as an external syslog server)? we need to have not only Identity source information, but exactly the AD group to which the user belongs.

Thank you in advance!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎08-27-2016 10:13 AM

The info in authentication details reports would be there. If customers needing more than what in the reports, then please ask them to use LDAP search tools, such as Dsget user, to get that directly from AD.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
hslai
Cisco Employee
Cisco Employee

‎08-27-2016 10:13 AM

The info in authentication details reports would be there. If customers needing more than what in the reports, then please ask them to use LDAP search tools, such as Dsget user, to get that directly from AD.

0 Helpful

Go to solution
howon
Cisco Employee
Cisco Employee

‎08-29-2016 08:49 AM

Not sure of the details on what is the end goal here, but you could craft the Authz policy rule name or the AuthZ profile name that resembles the AD group that the user is member of that gets assigned to the user/device. I have not personally tested out the syslog result for this purpose so suggest you test out to see if you get the proper string back.

Customers Also Viewed These Support Documents