cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2754
Views
75
Helpful
9
Replies

ISE report - users last logon time

Hi Folks,

 

I'm really new to ISE and have been trying to find some documentation on how to generate a report on when users last logged on to a network device with their Tacacs account. 

 

We have a policy to remove accounts that have been inactive for 60 days or more and I need help identifying these, any help would be appreciated.

 

1 ACCEPTED SOLUTION

Accepted Solutions

Use the TACACS Authentication Report.

It has the following fields which you may sort  and correlate on:

- Generated Time
- Logged Time
- Status
- Details
- Session Key
- Identity
- Authentication Policy
- ISE Node
- Network Device Name
- Network Device IP
- Failure Reason
- Network Device Groups
- Device Type
- Location
- Device port
- Remote Address
- Epoch Time (sec)

 

Export the data to a local CSV, import to Excel, sort by Logged Time, remove duplicates by Identity, then scroll down to 90 days past.

There you go.

 

View solution in original post

9 REPLIES 9

Mike.Cifelli
VIP Advisor VIP Advisor
VIP Advisor

I would suggest taking a peek under: Operations->Reports->Device Administration.  There are several reports options there that should aide in gathering your desired info. HTH!

Yes I can see the Tacacs Authentication report there but I need to be able to generate a list of users who have not logged on in the last 60 days.  I used to do this in Microsoft AD by running a script to query the LastLogonTimeStamp, is it possible to do something similar in ISE?