ISE report - users last logon time

Hi Folks,

 

I'm really new to ISE and have been trying to find some documentation on how to generate a report on when users last logged on to a network device with their TACACS account.

 

We have a policy to remove accounts that have been inactive for 60 days or more and I need help identifying these. Any help would be appreciated.

 


Mike.Cifelli
VIP Alumni

I would suggest taking a peek under: Operations->Reports->Device Administration. There are several report options there that should aid in gathering your desired info. HTH!

Yes, I can see the TACACS Authentication report there, but I need to be able to generate a list of users who have not logged on in the last 60 days. I used to do this in Microsoft AD by running a script to query the LastLogonTimeStamp. Is it possible to do something similar in ISE?

There is no such report on ISE currently; however, this information can be gathered from Context Visibility per endpoint, where you will find an attribute for Inactive days.

Use the TACACS Authentication Report.

It has the following fields which you may sort and correlate on:

- Generated Time
- Logged Time
- Status
- Details
- Session Key
- Identity
- Authentication Policy
- ISE Node
- Network Device Name
- Network Device IP
- Failure Reason
- Network Device Groups
- Device Type
- Location
- Device port
- Remote Address
- Epoch Time (sec)

 

Export the data to a local CSV, import to Excel, sort by Logged Time, remove duplicates by Identity, then scroll down to 90 days past.

There you go.
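The export, de-duplicate and cut-off steps from the answer above can also be scripted. The following is an added example, not code from the original posts or from Cisco: it assumes the CSV headers match the report field names listed above, uses the Epoch Time (sec) column to avoid guessing a timestamp format, and the Status values, sample rows and `known_accounts` list are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export. Column names follow the report fields listed above;
# the Status values ("Pass"/"Fail") and all rows are assumptions for illustration.
SAMPLE_CSV = """Identity,Status,Network Device Name,Epoch Time (sec)
alice,Pass,core-sw1,1717200000
alice,Pass,edge-rtr2,1709300000
bob,Pass,core-sw1,1706700000
bob,Fail,core-sw1,1717000000
carol,Fail,edge-rtr2,1716900000
"""

def last_logons(csv_text, passed_values=("Pass",)):
    """Return {identity: datetime of most recent successful authentication}."""
    latest = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        identity = row["Identity"].strip().lower()  # assumes case-insensitive names
        if not identity or row["Status"].strip() not in passed_values:
            continue  # failed attempts must not make a stale account look active
        seen = datetime.fromtimestamp(int(row["Epoch Time (sec)"]), tz=timezone.utc)
        if identity not in latest or seen > latest[identity]:
            latest[identity] = seen
    return latest

def inactive_accounts(csv_text, known_accounts, now, max_idle_days=60):
    """Return sorted (account, last_logon_or_None) for accounts idle >= max_idle_days.

    known_accounts is the full account list from the identity store; accounts with
    no successful logon in the export never appear in the report, so they are
    returned with None instead of being silently missed.
    """
    latest = last_logons(csv_text)
    cutoff = now - timedelta(days=max_idle_days)
    stale = []
    for account in sorted(a.lower() for a in known_accounts):
        seen = latest.get(account)
        if seen is None or seen <= cutoff:
            stale.append((account, seen))
    return stale

if __name__ == "__main__":
    now = datetime(2024, 6, 15, tzinfo=timezone.utc)  # fixed date for the sample
    for account, seen in inactive_accounts(SAMPLE_CSV, ["alice", "bob", "carol", "dave"], now):
        print(account, seen.date().isoformat() if seen else "no successful logon in export")
```

The export must cover at least the inactivity window being checked, otherwise every account whose last logon predates the export shows up as having none.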

 

Thanks Thomas, I'll have a look

Hello @thomas

Where should I find the option in ISE if it is RADIUS-based authentication?

Hi @MSJ1 ,

Take a look at Operations > Reports > Reports > Endpoint and Users > RADIUS Authentication, and please check if it is what you are looking for.

 

Hope this helps!!!

Yes, thank you. I think I got the required information.

RADIUS Auth shows the "Logged at" value and RADIUS Accounting shows "Session Time".

Hi @MSJ1 ,

Excellent news!!!

 

Regards