Is there any way I can get historical logs kept on the switches that would have revealed the mac address and the port that it appeared on, even if it's only 24 hours worth. The fact that the users reappeared on the network is obvious to trace. The issue is whether this users could have been traced while off the network.
Obviously log files are needed, but for switches & NAC?
The NAC logs provided nothing but the initial authentication time. Is there any way that all connections can be logged?
Somehow the user concerned gave cause for OUCS to report an issue of Malware. This user didn't show up on the NAC or switch when searching the mac address. This is a real flaw. I can't understand how the NAC didn't provide a log of the connection either.
Need advise or solution to fix this issue we are having.