Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1811
Views
0
Helpful
3
Replies

Cisco Advanced Web Security Reporting -

Tomas Moser
Level 1
Level 1

‎04-20-2017 07:57 AM

Hi Team,

Cisco Advanced Web Security Reporting v6.1 tool does not work correctly with LDAP.

This tool is actually Splunk 6.3 with Cisco app on top of it packaged in one piece to parse some Cisco WSA logs. After following configuration manual for LDAP authentication and department reporting I believe it does not work correctly.

Problem:

File /opt/cisco_wsa_reporting/etc/apps/cisco_wsa_reporting/lookups/departments.csv contains confusing content. Every LDAP user is a member of multiple groups. However I can see that script "discovery.py populated department field in csv file with value "Alef-CZ" which is NOT any of our groups. On top of that weird string " name" " folows in the next line. I know that "name" is one of LDAP object attributes.

I think there is a problem with parsing data from LDAP quiery via ldapsearch command in a script. However, not being python expert, I do not know how to fix it. There is no detailed documentation available. 

departments.csv:

"user_id","displayName","department"
"login1","Firstname Surname","Alef-CZ
name"
"login2","Firstname2 Surname2","Alef-CZ
name"

...

Source of all available information:

http://www.cisco.com/c/dam/en/us/td/docs/security/wsa/Advanced_Reporting/WSA_Advanced_Reporting_6/Advanced_Web_Security_Reporting_6_1.pdf

Any ideas? Can Cisco DEV team look into it? I probably cannot open a TAC case as it's just evaluation. 

Tomas

Labels:
0 Helpful
3 Replies 3

Tao Yang
Cisco Employee
Cisco Employee

‎04-21-2017 12:09 AM

Hello Tomas,

Eval customer can also create the TAC case. Please create a new TAC case to fix this issue.

0 Helpful

Tomas Moser
Level 1
Level 1
In response to Tao Yang

‎04-21-2017 01:23 AM

Hi Tao,

OK, I'd love to. But how? I do not have any S/N, P/N or VLN identificators. No input I have tried on TAC opening case page works. 

Best regards,

Tomas

0 Helpful

ccnarc
Level 1
Level 1
In response to Tomas Moser

‎07-28-2019 05:41 AM

We opened TAC case, and they suggested to use like below; It worked.

 

CN=Username_In_AD,OU=Admins,OU=A-Team,DC=DOMAIN_NAME,DC=DOMAIN_PREFIX"

 

ex: CN=ravi,OU=Admins,OU=ADMIN_Team,DC=NIKE,,DC=COM

0 Helpful
Customers Also Viewed These Support Documents