09-25-2019 01:12 PM - edited 02-21-2020 11:10 AM
Hi,
I have my Prime and APIC controller authentication over TACACS VIA ISE. The issue im having is that every 5 minutes when the poling takes place between Prime and APIC I am seeing it in ISE TACACS Logs. I cant change the pole interval and the sheer number of poles per-day is causing an issues with seeing user logins to the both appliances.
Solved! Go to Solution.
09-25-2019 04:10 PM
In the past it was not possible to suppress TACACS logs, but it appears that an enhancement request has been completed and as of 2.4 p6 (or 2.6) you should be able to do this.
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb45390
Try to create a log collection filter here, filtering passed authentications for the APIC IP or username.
https://<ISE IP>/admin/#administration/administration_system/administration_system_logging/collection_filters
09-25-2019 04:10 PM
In the past it was not possible to suppress TACACS logs, but it appears that an enhancement request has been completed and as of 2.4 p6 (or 2.6) you should be able to do this.
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb45390
Try to create a log collection filter here, filtering passed authentications for the APIC IP or username.
https://<ISE IP>/admin/#administration/administration_system/administration_system_logging/collection_filters
09-25-2019 09:20 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: