We have a full deployment of ISE, Trustsec, UCS, 1000v and Nexus 7k's to secure our virtual shared desktop and VDI enviroments. It all works, RBACL policys gets pushed, updates and enforces policy. The " show cts role-based counters" command works but individual logging on specific SGL's don't log to the N7k's even though the counters accumulate. Any one have any ideas? Below is a copy of one of my test SGL's outputs.
T
sgt:200(VDI_nfrastructure) dgt:1028(172_17_204_0) [73654]
rbacl:Test_172_17_204_0
permit tcp dst eq 22 [0]
permit tcp dst eq 80 [0]
permit tcp dst eq 443 [0]
permit tcp dst eq 1494 [0]
permit tcp dst eq 2598 [0]
permit tcp dst eq 3010 [0]
permit tcp dst eq 8010 [0]
permit tcp dst eq 8080 [0]
permit tcp dst eq 8081 [0]
permit ip log [73654]