Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
573
Views
2
Helpful
2
Replies

Last Login Report of Network Access Users

Go to solution
rafliraditya
Level 1
Level 1

‎11-01-2023 01:18 AM

In Cisco ISE is it possible to generate a report of All Network Access Users Last Login date and User Creation Date? I can't seems find such feature in 'Reports' Menu.

What I'm looking for is for example  :

User                  |   User Creation Date     |     Last Log in Date

Albert Smith      |    01/09/2021 08:00     |     10/19/2023 08:00 

Barry Allen        |     08/07/2021 16:00    |      08/15/2023 16:00 

Clark Kent         |     05/12/2021 18:00    |       08/15/2023 16:00

I know that there is a user expiry date feature that allows us to configure individual user accounts expiration date, generating a report just to see the last login date for each user may seem redundant with such feature available; but I thought it would be nice to be able to create this kind of report in Cisco ISE to provide more visibility for the users.


Thank You,

Regards,

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-01-2023 02:34 PM

In short, no, this is not available in a report. You may request this new feature by making an ISE Wish @ https://cs.co/ise-wish.

Keep in mind that Creation Date is a Configuration item and Last Login is an Operational item so if you wanted to create this kind of functionality will need to pull this from two places within the ISE database and correlate them by the username.

f you have ISE 3.2 or later, you may also try the Log Analytics feature to get the existing RADIUS Authentication logs by username and time

The User Creation Date (dateCreated) is available via the internaluser REST API however that is only for user configuration data and not LiveLog entries.

{
  "InternalUser" : {
    "id" : "36a95816-7a99-41b7-a26a-af1070fe1879",
    "name" : "thomas",
    "description" : "Nothing to see here",
    "enabled" : true,
    "email" : "",
    "accountNameAlias" : "",
    "password" : "*******",
    "firstName" : "Thomas",
    "lastName" : "Howard",
    "changePassword" : false,
    "identityGroups" : "a1740510-8c01-11e6-996c-525400b48521",
    "passwordNeverExpires" : false,
    "daysForPasswordExpiration" : 60,
    "expiryDateEnabled" : false,
    "expiryDate" : "",
    "dateModified" : "2023-11-01",
    "dateCreated" : "2023-11-01",
    "customAttributes" : { },
    "passwordIDStore" : "Internal Users",
    "link" : {
      "rel" : "self",
      "href" : "https://198.18.133.27/ers/config/internaluser/36a95816-7a99-41b7-a26a-af1070fe1879",
      "type" : "application/json"
    }
  }
}

The ISE MNT APIs for User Name Session Search could possibly tell you this information assuming the user(s) have logged in within the time before the logs were last purged/rotated.

I

View solution in original post

2 Replies 2

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎11-01-2023 02:20 PM

This is likely only possible using the new Data Connect feature in ISE 3.3. Prior to this release and feature, the recommendation would typically be to send all relevant logging categories to an external syslog server like Splunk and create the necessary dashboards, queries, and reports, from that external system.

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-01-2023 02:34 PM

In short, no, this is not available in a report. You may request this new feature by making an ISE Wish @ https://cs.co/ise-wish.

Keep in mind that Creation Date is a Configuration item and Last Login is an Operational item so if you wanted to create this kind of functionality will need to pull this from two places within the ISE database and correlate them by the username.

f you have ISE 3.2 or later, you may also try the Log Analytics feature to get the existing RADIUS Authentication logs by username and time

The User Creation Date (dateCreated) is available via the internaluser REST API however that is only for user configuration data and not LiveLog entries.

{
  "InternalUser" : {
    "id" : "36a95816-7a99-41b7-a26a-af1070fe1879",
    "name" : "thomas",
    "description" : "Nothing to see here",
    "enabled" : true,
    "email" : "",
    "accountNameAlias" : "",
    "password" : "*******",
    "firstName" : "Thomas",
    "lastName" : "Howard",
    "changePassword" : false,
    "identityGroups" : "a1740510-8c01-11e6-996c-525400b48521",
    "passwordNeverExpires" : false,
    "daysForPasswordExpiration" : 60,
    "expiryDateEnabled" : false,
    "expiryDate" : "",
    "dateModified" : "2023-11-01",
    "dateCreated" : "2023-11-01",
    "customAttributes" : { },
    "passwordIDStore" : "Internal Users",
    "link" : {
      "rel" : "self",
      "href" : "https://198.18.133.27/ers/config/internaluser/36a95816-7a99-41b7-a26a-af1070fe1879",
      "type" : "application/json"
    }
  }
}

The ISE MNT APIs for User Name Session Search could possibly tell you this information assuming the user(s) have logged in within the time before the logs were last purged/rotated.

I

Customers Also Viewed These Support Documents