11-16-2017 11:53 AM
ISE Teams,
What is the best report to export a De-duplicated list of 5,000+ endpoint IPs that are failing authentication?
My customer needs:
This is help with switch from monitor or low-impact mode.
Thanks!
Bill III
Solved! Go to Solution.
11-16-2017 02:14 PM
Many network devices (e.g. Cisco WLC) would not allow DHCP until auth success. Anyhow, after exporting the reports to a CSV in a repo, we may use UNIX/Linux/BSD/macOS CLI commands awk and "sort -uf" to get unique data in a field; e.g. I exported a report on RADIUS error to my repository and then use the following to
awk -v FPAT="([^,]+)|(\"[^\"]+\")" '{print $20}' RptExp_testAdmin_RADIUS_Errors_2017-11-16_13-30-00.000000040.csv | sort -uf
11-16-2017 02:14 PM
Many network devices (e.g. Cisco WLC) would not allow DHCP until auth success. Anyhow, after exporting the reports to a CSV in a repo, we may use UNIX/Linux/BSD/macOS CLI commands awk and "sort -uf" to get unique data in a field; e.g. I exported a report on RADIUS error to my repository and then use the following to
awk -v FPAT="([^,]+)|(\"[^\"]+\")" '{print $20}' RptExp_testAdmin_RADIUS_Errors_2017-11-16_13-30-00.000000040.csv | sort -uf
11-20-2017 07:40 AM
Thanks that solves de-duplication (somewhat) and the IP problem. Is there anyway to export more than 1000 failed authentication logs from ISE at a single point in time?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide