07-23-2014 11:16 AM
Hello All,
I am currently trying to integrate the cisco ise (radius server) to the Palo Alto Syslog filters so that the users that be tagged and policy applied to different categories of guest based on ISE permission.
Currently ISE seem to be sending authentication logs to Palo Alto but cannot seem to build the right regex to pull the relevant information.
Has anyone been able to do this?
Appreciate the response.
Best Regards
dan
07-24-2014 07:53 AM
Hello Dan,
It looks like, previously you have posted a similar query on this discussion forum, but still that is not answered. ( Cisco ISE Regex). In this situation, I would request you to consult with your Palo Alto SE for more relevant information.
Thanks
07-24-2014 07:53 AM
Hello Dan,
It looks like, previously you have posted a similar query on this discussion forum, but still that is not answered. ( Cisco ISE Regex). In this situation, I would request you to consult with your Palo Alto SE for more relevant information.
Thanks
07-24-2014 11:15 AM
Hi Hulk,
You are very correct 
I must have forgotten, thanks for the reminder.
Best Regards
dan
07-17-2018 06:13 PM - edited 07-17-2018 08:14 PM
Keep in mind that this will NOT work in a multi-domain environment with Cisco ISE 2.x. There is an ongoing Cisco Defect preventing integration. If you need this function, please add your company to the Cisco defect listed below. This will help us for Cisco to prioritise a defect fix. At the moment Cisco allege we are the only organisation impacted. Please reply to the post on the Cisco Forums to advise you are impacted - https://supportforums.cisco.com/t5/aaa-identity-and-nac/are-you-impacted-ise-syslog-double-backslash...
We would appreciate your support in helping convince Cisco to resolve this issue.
Defect Details
CSCvk09565 ISE 2.x onwards RFC 3164 is not being followed completely
Symptom
Syslog messages are sent with double slash in the username field.
Characters which are escaped with double slash are ,;{}\
Conditions
ISE 2.x version
Keep in mind that this will NOT work in a multi-domain environment with Cisco ISE 2.x. There is an ongoing Cisco Defect preventing integration. If you need this function, please add your company to the Cisco defect listed below.
Defect Details
CSCvk09565 ISE 2.x onwards RFC 3164 is not being followed completely
Symptom
Syslog messages are sent with double slash in the username field.
Characters which are escaped with double slash are ,;{}\
Conditions
ISE 2.x version
Workaround
None
Further Problem Description
Below characters are escaped as of now
,;{}\
No Character should be escaped as per RFC 3164 which ISE follows.
Workaround
None
Further Problem Description
Below characters are escaped as of now
,;{}\
No Character should be escaped as per RFC 3164 which ISE follows.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
