cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2979
Views
75
Helpful
9
Replies

ISE report - users last logon time

Hi Folks,

 

I'm really new to ISE and have been trying to find some documentation on how to generate a report on when users last logged on to a network device with their Tacacs account. 

 

We have a policy to remove accounts that have been inactive for 60 days or more and I need help identifying these, any help would be appreciated.

 

1 Accepted Solution

Accepted Solutions

Use the TACACS Authentication Report.

It has the following fields which you may sort  and correlate on:

- Generated Time
- Logged Time
- Status
- Details
- Session Key
- Identity
- Authentication Policy
- ISE Node
- Network Device Name
- Network Device IP
- Failure Reason
- Network Device Groups
- Device Type
- Location
- Device port
- Remote Address
- Epoch Time (sec)

 

Export the data to a local CSV, import to Excel, sort by Logged Time, remove duplicates by Identity, then scroll down to 90 days past.

There you go.

 

View solution in original post

9 Replies 9

Mike.Cifelli
VIP Advisor VIP Advisor
VIP Advisor

I would suggest taking a peek under: Operations->Reports->Device Administration.  There are several reports options there that should aide in gathering your desired info. HTH!

Yes I can see the Tacacs Authentication report there but I need to be able to generate a list of users who have not logged on in the last 60 days.  I used to do this in Microsoft AD by running a script to query the LastLogonTimeStamp, is it possible to do something similar in ISE?

There is no such report on ISE currently, however this information can be gathered from Context Visibility per endpoint, you will find an attributed for Inactive days.

Use the TACACS Authentication Report.

It has the following fields which you may sort  and correlate on:

- Generated Time
- Logged Time
- Status
- Details
- Session Key
- Identity
- Authentication Policy
- ISE Node
- Network Device Name
- Network Device IP
- Failure Reason
- Network Device Groups
- Device Type
- Location
- Device port
- Remote Address
- Epoch Time (sec)

 

Export the data to a local CSV, import to Excel, sort by Logged Time, remove duplicates by Identity, then scroll down to 90 days past.

There you go.

 

Thanks Thomas, I'll have a look

Hello @thomas 

Where should I find the Option at ISE if it is Radius Based Authentication ?

Hi @MSJ1 ,

 take a look at Operations > Reports > Reports > Endpoint and Users > RADIUS Authentication, please check if it is what you are looking for.

 

Hope this helps !!!

yes Thank You I think I got required information.

Radius Auth shows "Logged at" value and Radius Accounting shows " Session Time"

Hi @MSJ1 ,

 excellent news !!!

 

Regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers