11-01-2023 01:18 AM
In Cisco ISE is it possible to generate a report of All Network Access Users Last Login date and User Creation Date? I can't seems find such feature in 'Reports' Menu.
What I'm looking for is for example :
User | User Creation Date | Last Log in Date
Albert Smith | 01/09/2021 08:00 | 10/19/2023 08:00
Barry Allen | 08/07/2021 16:00 | 08/15/2023 16:00
Clark Kent | 05/12/2021 18:00 | 08/15/2023 16:00
I know that there is a user expiry date feature that allows us to configure individual user accounts expiration date, generating a report just to see the last login date for each user may seem redundant with such feature available; but I thought it would be nice to be able to create this kind of report in Cisco ISE to provide more visibility for the users.
Thank You,
Regards,
Solved! Go to Solution.
11-01-2023 02:34 PM
In short, no, this is not available in a report. You may request this new feature by making an ISE Wish @ https://cs.co/ise-wish.
Keep in mind that Creation Date is a Configuration item and Last Login is an Operational item so if you wanted to create this kind of functionality will need to pull this from two places within the ISE database and correlate them by the username.
f you have ISE 3.2 or later, you may also try the Log Analytics feature to get the existing RADIUS Authentication logs by username and time
The User Creation Date (dateCreated) is available via the internaluser REST API however that is only for user configuration data and not LiveLog entries.
{ "InternalUser" : { "id" : "36a95816-7a99-41b7-a26a-af1070fe1879", "name" : "thomas", "description" : "Nothing to see here", "enabled" : true, "email" : "", "accountNameAlias" : "", "password" : "*******", "firstName" : "Thomas", "lastName" : "Howard", "changePassword" : false, "identityGroups" : "a1740510-8c01-11e6-996c-525400b48521", "passwordNeverExpires" : false, "daysForPasswordExpiration" : 60, "expiryDateEnabled" : false, "expiryDate" : "", "dateModified" : "2023-11-01", "dateCreated" : "2023-11-01", "customAttributes" : { }, "passwordIDStore" : "Internal Users", "link" : { "rel" : "self", "href" : "https://198.18.133.27/ers/config/internaluser/36a95816-7a99-41b7-a26a-af1070fe1879", "type" : "application/json" } } }
The ISE MNT APIs for User Name Session Search could possibly tell you this information assuming the user(s) have logged in within the time before the logs were last purged/rotated.
I
11-01-2023 02:20 PM
This is likely only possible using the new Data Connect feature in ISE 3.3. Prior to this release and feature, the recommendation would typically be to send all relevant logging categories to an external syslog server like Splunk and create the necessary dashboards, queries, and reports, from that external system.
11-01-2023 02:34 PM
In short, no, this is not available in a report. You may request this new feature by making an ISE Wish @ https://cs.co/ise-wish.
Keep in mind that Creation Date is a Configuration item and Last Login is an Operational item so if you wanted to create this kind of functionality will need to pull this from two places within the ISE database and correlate them by the username.
f you have ISE 3.2 or later, you may also try the Log Analytics feature to get the existing RADIUS Authentication logs by username and time
The User Creation Date (dateCreated) is available via the internaluser REST API however that is only for user configuration data and not LiveLog entries.
{ "InternalUser" : { "id" : "36a95816-7a99-41b7-a26a-af1070fe1879", "name" : "thomas", "description" : "Nothing to see here", "enabled" : true, "email" : "", "accountNameAlias" : "", "password" : "*******", "firstName" : "Thomas", "lastName" : "Howard", "changePassword" : false, "identityGroups" : "a1740510-8c01-11e6-996c-525400b48521", "passwordNeverExpires" : false, "daysForPasswordExpiration" : 60, "expiryDateEnabled" : false, "expiryDate" : "", "dateModified" : "2023-11-01", "dateCreated" : "2023-11-01", "customAttributes" : { }, "passwordIDStore" : "Internal Users", "link" : { "rel" : "self", "href" : "https://198.18.133.27/ers/config/internaluser/36a95816-7a99-41b7-a26a-af1070fe1879", "type" : "application/json" } } }
The ISE MNT APIs for User Name Session Search could possibly tell you this information assuming the user(s) have logged in within the time before the logs were last purged/rotated.
I
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide