Logs

netops044
Level 1

Hi Team,

Our infra devices have been integrated into Cisco ISE for device authentication. I need some help with log fetching.

Only after TACACS authentication can the end users make device configuration changes.

Now one of the users has made changes on the device, but we don't know which user made them.

So we need your help to find out the below details based on the log reporting.

1. How to fetch the log report for the last 7 days?

2. Which users can log in to the specific device for the past 7 days?

3. And what are all the configuration changes that happened on the specific device?

Please clarify the above details ASAP.

Regards,

RK

1 Accepted Solution

Greg Gibbs
Cisco Employee

See the section on Cisco ISE Reports in the Admin Guide.

In the Device Administration section of the Reports, you will find TACACS Accounting, Authentication, and Authorization and TACACS Command Accounting reports. If you have these features enabled on the network device, you should see the information you're looking for there.
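
An added example, not part of the original thread or of Cisco's tooling: once the TACACS Command Accounting report has been exported to CSV, a short script can narrow it to one device and the last 7 days and list who ran which non-read-only commands. The column names, timestamp format, device names and user names are assumptions to adapt to the real export, and the read-only verb list is a heuristic.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed column names; rename to match the header row of the actual export.
COL_TIME, COL_USER = "Logged Time", "Username"
COL_DEVICE, COL_CMD = "Network Device Name", "Command"
TIME_FMT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp layout
# Heuristic: commands whose first word is one of these do not change config.
READ_ONLY = {"show", "ping", "traceroute", "terminal", "exit", "end", "enable"}

def audit_device(csv_text, device, now, days=7):
    """Return (users_seen, changes_by_user) for one device within the window."""
    cutoff = now - timedelta(days=days)
    users, changes = set(), defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = datetime.strptime(row[COL_TIME].strip(), TIME_FMT)
        if row[COL_DEVICE].strip() != device or not (cutoff <= when <= now):
            continue
        user = row[COL_USER].strip()
        words = row[COL_CMD].split()
        users.add(user)  # every user with an accounting record on this device
        if words and words[0].lower() not in READ_ONLY:
            changes[user].append((when, " ".join(words)))
    for entries in changes.values():
        entries.sort()  # chronological order per user
    return users, dict(changes)

# Constructed sample rows (not real log data).
SAMPLE = """Logged Time,Username,Network Device Name,Command
2022-01-16 09:12:03,alice,core-sw-01,show running-config
2022-01-16 09:14:40,alice,core-sw-01,configure terminal
2022-01-16 09:15:02,alice,core-sw-01,interface GigabitEthernet1/0/5
2022-01-16 09:15:10,alice,core-sw-01,shutdown
2022-01-15 17:30:00,bob,core-sw-01,show version
2022-01-14 11:00:00,carol,edge-rtr-02,no ip route 10.0.0.0 255.0.0.0 192.0.2.1
2022-01-05 08:00:00,dave,core-sw-01,write memory
"""

if __name__ == "__main__":
    now = datetime(2022, 1, 17, 8, 0, 0)  # fixed so the sample is reproducible
    seen, changed = audit_device(SAMPLE, "core-sw-01", now)
    print("Users seen:", sorted(seen))
    for user, entries in changed.items():
        for when, cmd in entries:
            print(f"{when}  {user}  {cmd}")
```

The user set only covers accounts that produced command accounting records; logins without any commands would have to come from the authentication report instead.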


Hello Gibbs,

Thanks for providing the idea. I have one more query, please clarify.

I have created one new user in the TACACS server. Now I have a query about how to give the user access to only some specific devices. We integrated almost 500 devices into Cisco ISE, but the main objective is that the created user shouldn't access all the devices; it should access the specific devices only.


Regards,

RK

If I understand correctly, you have a set of network devices to which a restricted admin user/group should have access. Ideally, you want to use groups where possible in ISE to improve the ability to scale. One way you could achieve this would be:

  1. Create a new root-level Network Device Group (e.g. 'Restricted State') with two child groups (e.g. 'Restricted' and 'Non-Restricted')
  2. Update the relevant network device configurations to use the 'Restricted' value (you can do this in bulk using CSV export/import or via API)
  3. (Optionally) Create a User Identity Group for your restricted user(s)
  4. Update your Device Admin AuthZ Policy to match on the groups you created

Hi Gibbs,

Thanks for providing the suggestion.

Can you please share any reference links or websites? I am a beginner with Cisco ISE and we don't have deep knowledge of it.

Regards,

R K

You should start with the Admin Guide and learning resource links documented here in the NAC Community.