The Live Authentications log in ISE lists all the authentications that have reached ISE. If there is no entry for the user in this screen, the authentication request has not been received by ISE.
You can view the Live Authentications log by logging in to the ISE primary Policy Administration Node (PAN) and going to Operations > Authentications. Doing so will bring up a screen similar to the one shown in the image below.
The Live Authentications log has several important pieces of information that are critical to determining who is on the network, when and where they connected, and how they were authenticated.
Optionally, you can choose to show the following categories:
| Column | Description |
| --- | --- |
| Time | Shows the time that the log was received by the collection agent. This column is required and cannot be deselected. |
| Status | Shows if the authentication was successful or failed. This column is required and cannot be deselected. |
| Details | Brings up a report when you click the magnifying glass icon, allowing you to drill down to view more detailed information on the selected authentication scenario. This column is required and cannot be deselected. |
| Username | Shows the username that is associated with the authentication. |
| Endpoint ID | Shows the unique identifier for an endpoint, usually a MAC or IP address. |
| IP Address | Shows the IP address of the endpoint device. |
| Network Device | Shows the IP address of the network access device. |
| Device Port | Shows the port number at which the endpoint is connected. |
| Authorization Profiles | Shows an authorization profile that was used for authentication. |
| Identity Group | Shows the identity group that is assigned to the user or endpoint, for which the log was generated. |
| Posture Status | Shows the status of the posture validation and details on the authentication. |
| Event | Shows the event status. |
| Failure Reason | Shows a detailed reason for failure, if the authentication failed. |
| Auth Method | Shows the authentication method that is used by the RADIUS protocol, such as Microsoft Challenge Handshake Authentication Protocol version 2 (MSCHAPv2), IEEE 802.1X, or dot1x, and so on. |
| Authentication Protocol | Shows the authentication protocol used, such as Protected Extensible Authentication Protocol (PEAP), Extensible Authentication Protocol (EAP), and the like. |
| Security Group | Shows the group that is identified by the authentication log. |
| Server | Indicates the policy service from which the log was generated. |
| Session ID | Shows the session ID. |