了解思科
购买方式

已有帐户?

  •   个性化内容
  •   您的产品和支持

需要帐户?

创建帐户

配置2.2客户端调配和应用

下载选项

  • PDF     (1.7 MB)
    在各种设备上使用 Adobe Reader 查看
  • ePub     (1.6 MB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上使用各种应用查看
  • Mobi (Kindle)     (1.5 MB)
    在 Kindle 设备上查看或在多个设备上使用 Kindle 应用查看
已更新: 2017 年 11 月 20 日
文档 ID:210514

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

关于此翻译

思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言,希望全球的用户都能通过各自的语言得到支持性的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任,并建议您总是参考英文原始文档(已提供链接)。

    简介

    本文档介绍如何在身份服务引擎(ISE)2.2上配置应用可视性并对其进行故障排除。应用可视性允许您监控终端上安装的应用、基于该信息创建策略,以及在终端安全评估检查期间终止或卸载应用(如果它们满足指定条件)。AnyConnect会定期向ISE发送信息,其中包含已安装/运行的应用和进程列表。AnyConnect可以收集有关所有应用或指定类别(浏览器、加密等)的应用的信息。

    先决条件

    要求

    Cisco 建议您具有以下主题的基础知识:

    • 思科身份服务引擎

    • 客户端调配
    • ISE状态

    使用的组件

    本文档中的信息基于以下软件和硬件版本:

    • 思科身份服务引擎版本2.2.0.470
    • 思科AnyConnect 4.4.00243
    • AnyConnect合规性模块4.2.468.0
    • Windows 7 Service Pack 1

    配置

    配置

    第1部分:配置客户端调配 

    步骤1.上传AnyConnect软件包

    1.导航至Policy > Policy Elements > Results > Client Provisioning > Results on ISE。单击“添加”>“本地磁盘中的代理资源”:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-00.png

    2.选择“类别”作为“思科提供的包”,然后选择“文件”(AnyConnect包):

    210514-ISE-2-2-Client-Provisioning-and-Applicat-01.png

    单击Submit保存更改。

    应要求您确认已上传包的校验和。将它们与思科网站上提供的校验和进行比较,确保软件包未损坏。

    步骤2.下载AnyConnect合规性模块

    在“客户端调配”的“结果”页面上,单击“添加”>“来自思科站点的代理资源”,以便弹出一个包含可用模块的窗口。为Windows选择所需的AnyConnect合规性模块,然后单击保存

    或者,如果您的ISE上没有互联网连接,您可以从cisco.com下载最新的合规性模块,并以与AnyConnect软件包相同的方式将其上传到您的ISE。

    如果网络中有代理,请在“管理”>“系统”>“设置”>“代理”页面对其进行配置。

    步骤3.创建状态配置文件

    在 Results page of Client Provisioning单击Add > NAC Agent or AnyConnect Posture Profile,然后从Posture Agent Profile Settings中选择AnyConnect:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-02.png

    命名配置文件并填写必填字段。单击“提交”保存配置文件。

    步骤4.创建AnyConnect配置

    在Client Provisioning的Results页面上,单击Add > AnyConnect Configuration,然后选择在步骤1中上传的包:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-03.png

    应加载其他选项。填写所有必填字段,然后单击提交保存更改:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-04.png

    Configuration Name — 配置的名称。这用于客户端调配策略(下一步)。

    合规性模块 — 选择在第2步中下载的合规性模块。

    ISE终端安全评估 — 选择在步骤3中创建的AnyConnect终端安全评估配置文件。

    步骤5.配置客户端调配策略

    导航至策略>客户端调配。为Windows创建新策略或编辑现有策略,因此选择已创建的AnyConnect配置:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-05.png

    步骤6.为CP创建授权配置文件

    导航至Policy > Policy Elements > Results > Authorization > Authorization Profiles,然后单击Add以创建新的配置文件。将其配置为重定向到客户端调配门户:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-06.png

    单击Submit保存配置文件。

    请记住,redirect-acl(在本例中,其名为ISE-REDIRECT)应在NAD(网络访问设备)上创建,以便具有正确的重定向。基本重定向ACL不应拦截进出ISE PSN节点、DNS和DHCP的流量。并且应重定向HTTP和HTTPS流量。示例ACL可在以下文档中找到:WLC和ISE上的集中Web身份验证配置示例使用交换机和身份服务引擎的集中Web身份验证配置示例

    步骤7.配置授权策略

    导航至Policy > Authorization,创建2个策略,并选中Posture状态: 

    210514-ISE-2-2-Client-Provisioning-and-Applicat-07.png

    使用此配置时,如果终端未安装AnyConnect或尚未完成状态,则会将其重定向到客户端调配门户。最终用户可以从ISE安装AnyConnect,AnyConnect可以检测ISE并检查状态。

    Click Save.

    第2节。配置状态

    步骤1.更新状态

    导航至管理>设置>状态>更新,然后单击立即更新状态。它包含OPSWAT图表和应用定义,是创建策略所必需的。

    210514-ISE-2-2-Client-Provisioning-and-Applicat-08.png

    或者,如果您的ISE上没有互联网连接,您可以从https://www.cisco.com/web/secure/pmbu/posture-offline.html下载最新的状态更新,然后导航至Administration > System > Settings > Posture > Updates,选择Offline并选择已下载的具有状态更新的文件。单击Update Now上传文件并安装状态更新。

    步骤2.创建应用条件

    AnyConnect仅通过4.x(或更高版本)合规性模块收集有关已安装应用的信息。

    对于3.x版本的合规性模块,只能执行进程检查(这意味着AnyConnect检查是否正在运行指定的进程)。

    使用“应用状态”,可以配置这些组合:

    • 已安装+正在运行 — AnyConnect收集有关当前正在运行的进程的信息,以收集安装信息
    • 已安装+未运行 — AnyConnect仅收集安装信息

    通过Provision by,可以选择:所有名称类别:

    • 如果选择“Everything”,则AnyConnect将尝试收集有关所有已安装应用的信息
    • 如果选择“名称”,则可以为策略选择特定应用。例如:
      210514-ISE-2-2-Client-Provisioning-and-Applicat-09.png
    • 如果选择“类别”,则AnyConnect会从指定类别收集有关所有应用的信息。例如:
      210514-ISE-2-2-Client-Provisioning-and-Applicat-10.png

    要收集有关在策略>策略元素>条件>状态>应用条件中运行的已安装和应用的信息,请单击添加以创建新条件并填写所需字段,如图所示:

      

    210514-ISE-2-2-Client-Provisioning-and-Applicat-11.png

    步骤3.创建安全评估要求

    策略>策略元素>结果>状态>要求中,使用已创建的应用条件创建新要求:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-12.png

    步骤4.创建状态策略

    要使ISE和AnyConnect能够收集有关应用的信息,应将具有应用条件的要求包括在状态策略中。可以在Policy > Posture中创建状态策略。如果您想收集信息以供进一步使用,该要求可设置为“审核”。

    210514-ISE-2-2-Client-Provisioning-and-Applicat-13.png

    第5步(可选)。 更改连续监控间隔

    ISE允许您配置AnyConnect向ISE发送有关应用的更新的频率。默认情况下,间隔设置为5分钟,可以在Administration > Settings > Posture > General Settings中进行更改:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-14.png

      

    第6步(可选)。 创建应用合规性

    从终端收集数据后,可以在Context Visibility > Endpoints > [ENDPOINT]上创建应用合规性:

    1. 选择应用:
      210514-ISE-2-2-Client-Provisioning-and-Applicat-15.png

    2. 单击“策略操作”>“创建应用合规性”
      210514-ISE-2-2-Client-Provisioning-and-Applicat-16.png

    3. 在弹出窗口中填写字段:
      210514-ISE-2-2-Client-Provisioning-and-Applicat-17.png

    4. 单击Save Policy(保存策略),应创建这些项目:
      • 状态应用条件
      • 状态应用补救操作
      • 状态要求
      • 状态策略

    验证

      

    使用本部分可确认配置能否正常运行。

    实时日志

    在RADIUS LiveLogs中,流看起来像常见的状态流:身份验证+重定向到调配门户>授权更改(CoA)>符合状态策略的匹配。

    210514-ISE-2-2-Client-Provisioning-and-Applicat-18.png

    终端

    在客户端调配(如果AnyConnect之前未调配)和连续监控间隔配置之后,可以在情景可视性(Context Visibility)>终端(Endpoints)上验证数据收集过程。点击终端的MAC地址,终端的页面应打开。它包含有关终端本身上安装的应用的信息:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-19.png

    由于CSCve82743,您需要访问终端两次,然后点击“刷新”(Refresh)以呈现应用表。

    状态策略元素

    这些元素应使用“创建应用合规性”选项创建:

    • 状态应用条件
    • 状态应用补救操作
    • 状态要求
    • 状态策略

    每个都可从ISE GUI进行验证。条件位于策略>策略元素>条件>状态>应用条件:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-20.png

    补救位于Policy > Policy Elements > Results > Posture > Remediation Actions > Application Remediations:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-21.png

    要求位于策略>策略元素>结果>状态>要求:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-22.png

    策略位于策略(Policy)>状态(Posture:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-23.png

    报告

    每个终端的每个终端安全评估报告都存储在ISE上,并可以从操作>报告进行检查。状态报告有以下几种变体:

    • 终端安全评估 — 它提供有关特定终端安全评估合规性的详细信息。
    • 状态评估(按条件) — 提供状态策略条件的详细信息。它显示哪些条件失败以及通过了哪些条件。仅显示Mandatory和Optional条件。

    状态评估(按条件)

    状态评估(按条件)如图所示。在本示例中,一个必备条件失败,因此状态变为不合规:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-24.png

    终端安全评估

    终端安全评估:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-25.png

    单击详细信息报告图标可检查每个状态检查的详细信息 —  210514-ISE-2-2-Client-Provisioning-and-Applicat-26.png

    故障排除

    本部分提供了可用于对配置进行故障排除的信息。

    从ISE

    ise-psc.log包含所有状态相关信息,包括调试。可以在Administration > System > Logging > Debug Log Configuration上启用状态调试。组件名称为posture:

    210514-ISE-2-2-Client-Provisioning-and-Applicat-27.png

    一旦终端连接到网络并且AnyConnect可以访问ISE,ISE将检查EP是否应根据已配置的状态检查进行检查并检测EP上安装的合规性模块版本。根据收集的信息,ISE为EP - NAC代理xml生成状态查询并加密。稍后,ISE将此查询发送到AnyConnect。

    2017-01-04 19:19:13,686 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PostureHandlerImpl -:cisco:::- About to query posture policy for user cisco with endpoint mac C0-4A-00-15-75-C8 
2017-01-04 19:19:13,687 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PostureManager -:cisco:::- agentCMVersion=4.2.468.0, agentType=AnyConnect Posture Agent, groupName=OESIS_V4_Agents -> found agent group with displayName=4.x or later
2017-01-04 19:19:13,687 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- User cisco belongs to groups NAC Group:NAC:IdentityGroups:Endpoint Identity Groups:Profiled:Workstation,NAC Group:NAC:IdentityGroups:Any
2017-01-04 19:19:13,687 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- About to retrieve posture policy resources for os 7 Enterprise, agent group 4.x or later and identity groups [NAC Group:NAC:IdentityGroups:Endpoint Identity Groups:Profiled:Workstation, NAC Group:NAC:IdentityGroups:Any]
2017-01-04 19:19:13,687 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Evaluate resourceId NAC Group:NAC:Posture:PosturePolicies:Apps by agent group with FQN NAC Group:NAC:AgentGroupRoot:ALL:OESIS_V4_Agents
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- The evaluation result by agent group for resourceId NAC Group:NAC:Posture:PosturePolicies:Apps is Permit
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Evaluate resourceId NAC Group:NAC:Posture:PosturePolicies:Apps by OS group with FQN NAC Group:NAC:OsGroupRoot:ALL:WINDOWS_ALL:WINDOWS_7_ALL:WINDOWS_7_ENTERPRISE_ALL
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- stealth mode is 0
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- The evaluation result by os group for resourceId NAC Group:NAC:Posture:PosturePolicies:Apps is Permit
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Evaluate resourceId NAC Group:NAC:Posture:PosturePolicies:Apps by Stealth mode NSF group with FQN NAC Group:NAC:StealthModeStandard
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Procesing obligation with posture policy resource with id NAC Group:NAC:Posture:PosturePolicies:Apps
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Found obligation id urn:cisco:cepm:3.3:xacml:response-qualifier for posture policy resource with id NAC Group:NAC:Posture:PosturePolicies:Apps
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Found obligation id PostureReqs for posture policy resource with id NAC Group:NAC:Posture:PosturePolicies:Apps
2017-01-04 19:19:13,688 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- Posture policy resource id Apps has following associated requirements []
2017-01-04 19:19:13,720 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cpm.posture.runtime.agent.AgentXmlGenerator -:cisco:::- policy enforcemnt is 2
2017-01-04 19:19:13,720 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cpm.posture.runtime.agent.AgentXmlGenerator -:cisco:::- simple condition: [Name=Apps_Collection, Description=null, Application State =installed,runnning, Provision By =Everything, monitory  Categories = []]
2017-01-04 19:19:13,720 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cpm.posture.runtime.agent.AgentXmlGenerator -:cisco:::- check type is ApplicationVisibility
2017-01-04 19:19:13,800 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PostureHandlerImpl -:cisco:::- NAC agent xml <?xml version="1.0" encoding="UTF-8"?><cleanmachines>
  <version>ISE: 2.2.0.423</version>
  <encryption>0</encryption>
  <package>
    <id>12</id>
    <name>Apps_collection</name>
    <description>Apps Check</description>
    <version/>
    <type>3</type>
    <optional>2</optional>
    <action>3</action>
    <check>
      <id>Apps_Collection</id>
      <category>12</category>
      <type>1202</type>
      <monitor>ALL</monitor>
      <evaluation>periodic</evaluation>
    </check>
    <criteria>(Apps_Collection)</criteria>
  </package>
</cleanmachines>

2017-01-04 19:19:13,800 INFO   [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.StatusUtil -:cisco:::- StatusUtil - getPosturePolicyHTML [<cleanmachines><version>ISE: 2.2.0.423</version><encryption>0</encryption><package><id>12</id><name>Apps_collection</name><description>Apps Check</description><version/><type>3</type><optional>2</optional><action>3</action><check><id>Apps_Collection</id><category>12</category><type>1202</type><monitor>ALL</monitor><evaluation>periodic</evaluation></check><criteria>(Apps_Collection)</criteria></package></cleanmachines>]
2017-01-04 19:19:13,800 INFO   [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.StatusUtil -:cisco:::- StatusUtil -getPosturePolicyHTML - do encrypt 
2017-01-04 19:19:13,800 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.StatusUtil -:cisco:::- Encrypting policy using AES key.
2017-01-04 19:19:13,800 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.CipherUtil -:cisco:::- Encrypting message using AES.
2017-01-04 19:19:13,800 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.StatusUtil -:cisco:::- IV Base 64: AeUQGbj6CP/jMB+cTIGIGQ==
2017-01-04 19:19:13,801 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.util.StatusUtil -:cisco:::- StatusUtil.getPosturePolicyHTML() returns <!--X-Perfigo-UserKey=--><!--X-Perfigo-Provider=Device Filter--><!--X-Perfigo-UserName=cisco--><!--error=1010--><!--X-Perfigo-DM-Error=1010--><!--user role=--><!--X-Perfigo-OrigRole=--><!--X-Perfigo-DM-Scan-Req=0--><!--X-ISE-IV=AeUQGbj6CP/jMB+cTIGIGQ==--><!--X-Perfigo-DM-Software-List=f5aGq8rU5wx7hFS9WnugNhy/6HaSxNtKesoqAjYkecEk56t+I/J93PtAYU0XLq451NXQhReuFktImYEPEnWwOs1bV5oOTuTsY3kEbcuR4p5Sp0cfz/j98YEubNtSKDCUGt5U8dhpOJqMYTV4UcaSP/D0FXYm10gFEjPxpPghyWcplzYwcpehIX+2vOYOSzPTEvM2kDdHTkof+/UYvBfGv8Y7YkK9P61upfSedIqdynyxUbeqknXkoCaWvUawJLVWiXAJs2atsCwJjXitwNHYzCuH/mBz/Y9AUvbLCB/cutCeyVCl7ij8wtXUAt2NpKqeEj0COOxnp5B35JTBfOSXHfVjL29E5JALaun6RR8yJlkd4apk7qflnjsu451CHY/SbKTMnqjV5bNwXfuCBf++X6X/mh0nwk+r2iWhJJFyqmNxBm2BvcJAJXOKOV7xHIhgmLj+etF4Sss/zwnFT4+WTzKI+BpbrVdnZjUP7+uvbQbIPtRFqJVI5StjZlIP4vLzFWKbWXI+itTX6hjqvNhiT2zwktvIboUZXaBV6yS5/+5cYMU3+EhWxIx/UVo0o7sX--><!--X-Perfigo-DM-Session-Time=240-->
2017-01-04 19:19:13,801 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PosturePolicyUtil -:cisco:::- User cisco belongs to groups NAC Group:NAC:IdentityGroups:Endpoint Identity Groups:Profiled:Workstation,NAC Group:NAC:IdentityGroups:Any
2017-01-04 19:19:13,801 DEBUG  [http-bio-10.48.26.60-8443-exec-9][] cisco.cpm.posture.runtime.PostureHandlerImpl -:cisco:::- Sending response to endpoint C0-4A-00-15-75-C8 http response [[ <!--X-Perfigo-UserKey=--><!--X-Perfigo-Provider=Device Filter--><!--X-Perfigo-UserName=cisco--><!--error=1010--><!--X-Perfigo-DM-Error=1010--><!--user role=--><!--X-Perfigo-OrigRole=--><!--X-Perfigo-DM-Scan-Req=0--><!--X-ISE-IV=AeUQGbj6CP/jMB+cTIGIGQ==--><!--X-Perfigo-DM-Software-List=f5aGq8rU5wx7hFS9WnugNhy/6HaSxNtKesoqAjYkecEk56t+I/J93PtAYU0XLq451NXQhReuFktImYEPEnWwOs1bV5oOTuTsY3kEbcuR4p5Sp0cfz/j98YEubNtSKDCUGt5U8dhpOJqMYTV4UcaSP/D0FXYm10gFEjPxpPghyWcplzYwcpehIX+2vOYOSzPTEvM2kDdHTkof+/UYvBfGv8Y7YkK9P61upfSedIqdynyxUbeqknXkoCaWvUawJLVWiXAJs2atsCwJjXitwNHYzCuH/mBz/Y9AUvbLCB/cutCeyVCl7ij8wtXUAt2NpKqeEj0COOxnp5B35JTBfOSXHfVjL29E5JALaun6RR8yJlkd4apk7qflnjsu451CHY/SbKTMnqjV5bNwXfuCBf++X6X/mh0nwk+r2iWhJJFyqmNxBm2BvcJAJXOKOV7xHIhgmLj+etF4Sss/zwnFT4+WTzKI+BpbrVdnZjUP7+uvbQbIPtRFqJVI5StjZlIP4vLzFWKbWXI+itTX6hjqvNhiT2zwktvIboUZXaBV6yS5/+5cYMU3+EhWxIx/UVo0o7sX--><!--X-Perfigo-DM-Session-Time=240--> ]]
2017-01-04 19:19:13,959 DEBUG  [http-bio-10.48.26.60-8443-exec-5][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- receiving request from client C0:4A:00:15:75:C8 10.62.148.162 bcu5ksw0
2017-01-04 19:19:13,966 DEBUG  [http-bio-10.48.26.60-8443-exec-5][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Found the ipAddress that matched the http request remote address 10.62.148.162 and corresponding client mac address C0-4A-00-15-75-C8
2017-01-04 19:19:13,966 DEBUG  [http-bio-10.48.26.60-8443-exec-5][] cisco.cpm.posture.runtime.PostureRuntimeFactory -::::- looking for Radius session with input values : sessionId: 0a3e946500000066586d3c42, MacAddr: C0-4A-00-15-75-C8, ipAddr: 10.62.148.162 
2017-01-04 19:19:13,966 DEBUG  [http-bio-10.48.26.60-8443-exec-5][] cisco.cpm.posture.runtime.PostureRuntimeFactory -::::- looking for session using session ID: 0a3e946500000066586d3c42, IP addrs: [10.62.148.162], mac Addrs [C0-4A-00-15-75-C8]
2017-01-04 19:19:13,966 DEBUG  [http-bio-10.48.26.60-8443-exec-5][] cisco.cpm.posture.runtime.PostureRuntimeFactory -::::- Found session using sessionId 0a3e946500000066586d3c42

     AnyConnect的完整报告。此报告包含与已配置应用条件匹配的所有已找到应用的信息。

    2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- UDID is 766bb955e51e4ab063fd478c63acee81260ca592 for end point C0-4A-00-15-75-C8
2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- os version from user agent is 1.2.1.6.1.4
2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Received posture request [parameters: reqtype=, userip=10.62.148.162, clientmac=C0-4A-00-15-75-C8, os=, osVerison=1.2.1.6.1.4, architecture=, provider=, state=, userAgent=Mozilla/4.0 (compatible; WINDOWS; 1.2.1.6.1.4; AnyConnect Posture Agent v.4.4.00209), session_id=
2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Found a session info for endpoint C0-4A-00-15-75-C8 cisco
2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Got userid cisco from cache for endpoint C0-4A-00-15-75-C8/
2017-01-04 19:19:37,358 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Report IV in Base64: JjneGgZcJbmjqMKQcy8kJg==
2017-01-04 19:19:37,359 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Using AES shared secret to decrypt report.
2017-01-04 19:19:37,359 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.util.CipherUtil -::::- Decrypting message using AES.
2017-01-04 19:19:37,359 DEBUG  [http-bio-10.48.26.60-8443-exec-3][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Decrypted report [[ <report><version>1000</version><package><id>12</id><status>1</status><check><chk_id>Apps_Collection</chk_id><diff>0</diff><application><diff>0</diff><id></id><name>Adobe Flash Player 23 NPAPI</name><vendor>Adobe Systems Incorporated</vendor><version>23.0.0.207</version><category>Unclassified</category></application><application><diff>0</diff><id>104</id><name>Adobe Flash Player</name><vendor>Adobe Systems Inc.</vendor><version>23.0.0.207</version><path>C:\Windows\SysWOW64\Macromed\Flash\</path><category>Unclassified</category></application><application><diff>0</diff><id>873</id><name>BitLocker Drive Encryption</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Windows\System32\</path><category>DiskEncryption</category></application><application><diff>0</diff><id></id><name>Cisco AnyConnect Diagnostics and Reporting Tool</name><vendor>Cisco Systems, Inc.</vendor><version>4.4.00209</version><path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\DART\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Cisco AnyConnect ISE Compliance Module</name><vendor>Cisco Systems, Inc</vendor><version>4.2.468.0</version><path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\opswat\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Cisco AnyConnect ISE Posture Module</name><vendor>Cisco Systems, Inc.</vendor><version>4.4.00209</version><path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\</path><category>Unclassified</category><process><diff>0</diff><pid>704</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnagent.exe</path><hash>7D7502DE53F0282A7AFC98BE89F54D39FDEC3FAC2A1F32674C76967ADC695E09</hash></process><process><diff>0</diff><pid>1296</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseagent.exe</path><hash>7E156520C184334D473506FFE8A482997581ACF6ABD34231FDEDC2B9A3A12066</hash></process><process><diff>0</diff><pid>3076</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnui.exe</path><hash>0131258625A16B78125EB2081E8D5678671B6DE52DDA9E0813D4674618177DC3</hash></process><process><diff>0</diff><pid>3384</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\acise.exe</path><hash>8636F5761663A0EB9EDE263609B6AEF0EA52292E5B093AD4C453097583F365DD</hash></process><process><diff>0</diff><pid>15924</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseposture.exe</path><hash>7FA4B3B6F688642E800AD53B865DBDCC163FBCA92D83482248DB068BA42192EA</hash></process></application><application><diff>0</diff><id></id><name>Cisco AnyConnect Profile Editor</name><vendor>Cisco Systems, Inc.</vendor><version>4.1.08005</version><path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Profile Editor\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Cisco AnyConnect Secure Mobility Client </name><vendor>Cisco Systems, Inc.</vendor><version>4.4.00209</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Cisco AnyConnect Secure Mobility Client</name><vendor>Cisco Systems, Inc.</vendor><version>4.4.00209</version><path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\</path><category>Unclassified</category><process><diff>0</diff><pid>704</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnagent.exe</path><hash>7D7502DE53F0282A7AFC98BE89F54D39FDEC3FAC2A1F32674C76967ADC695E09</hash></process><process><diff>0</diff><pid>1296</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseagent.exe</path><hash>7E156520C184334D473506FFE8A482997581ACF6ABD34231FDEDC2B9A3A12066</hash></process><process><diff>0</diff><pid>3076</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnui.exe</path><hash>0131258625A16B78125EB2081E8D5678671B6DE52DDA9E0813D4674618177DC3</hash></process><process><diff>0</diff><pid>3384</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\acise.exe</path><hash>8636F5761663A0EB9EDE263609B6AEF0EA52292E5B093AD4C453097583F365DD</hash></process><process><diff>0</diff><pid>15924</pid><path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseposture.exe</path><hash>7FA4B3B6F688642E800AD53B865DBDCC163FBCA92D83482248DB068BA42192EA</hash></process></application><application><diff>0</diff><id></id><name>Cisco NAC Agent </name><vendor>Cisco Systems, Inc.</vendor><version>4.9.5.10</version><path>C:\Program Files (x86)\Cisco\Cisco NAC Agent\</path><category>Unclassified</category><process><diff>0</diff><pid>1444</pid><path>c:\program files (x86)\cisco\cisco nac agent\nacagent.exe</path><hash>502EF2A864254A2DF555E029BE2C39E94B111E8B01534D7161826650DE4CEB4D</hash></process><process><diff>0</diff><pid>2320</pid><path>c:\program files (x86)\cisco\cisco nac agent\nacagentui.exe</path><hash>DC617419F082BEAF26521E48CB410282631F93F1359E604A4D3D181A04FEE1FB</hash></process></application><application><diff>0</diff><id>293</id><name>DAEMON Tools Lite</name><vendor>Disc Soft Ltd</vendor><version>4.49.1.0356</version><path>C:\Program Files (x86)\DAEMON Tools Lite\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Digital Operatives PAINT Beta</name><vendor></vendor><version>0.0</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>FileZilla Server</name><vendor>FileZilla Project</vendor><version>beta 0.9.44</version><path>C:\Program Files (x86)\FileZilla Server\</path><category>Unclassified</category><process><diff>0</diff><pid>1408</pid><path>c:\program files (x86)\filezilla server\filezilla server.exe</path><hash>E8DB1409DB694A90C759F418346AE5D71014AE3513A8B865B50923AD0DFEE395</hash></process><process><diff>0</diff><pid>2348</pid><path>c:\program files (x86)\filezilla server\filezilla server interface.exe</path><hash>F57B0A7F4A9EBAACC1A67323EBB93D96FA910524FAE842953551DBA103EF71C5</hash></process></application><application><diff>0</diff><id>180</id><name>FileZilla</name><vendor>FileZilla Project</vendor><version>3.8.1.0</version><path>C:\Program Files (x86)\FileZilla FTP Client\</path><category>FileShare</category></application><application><diff>0</diff><id>39</id><name>Google Chrome</name><vendor>Google Inc.</vendor><version>55.0.2883.87</version><path>C:\Program Files (x86)\Google\Chrome\Application\</path><category>AntiPhishing,Browser</category></application><application><diff>0</diff><id></id><name>Google Update Helper</name><vendor>Google Inc.</vendor><version>1.3.24.15</version><category>Unclassified</category></application><application><diff>0</diff><id>100</id><name>Internet Explorer</name><vendor>Microsoft Corporation</vendor><version>11.0.9600.18524</version><path>C:\Program Files\Internet Explorer\</path><category>AntiPhishing,Browser</category></application><application><diff>0</diff><id></id><name>Java 7 Update 79</name><vendor>Oracle</vendor><version>7.0.790</version><path>C:\Program Files (x86)\Java\jre7\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Java 8 Update 91</name><vendor>Oracle Corporation</vendor><version>8.0.910.15</version><path>C:\Program Files (x86)\Java\jre1.8.0_91\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Java Auto Updater</name><vendor>Oracle Corporation</vendor><version>2.8.91.15</version><category>Unclassified</category></application><application><diff>0</diff><id>111</id><name>Java</name><vendor>Oracle Corporation</vendor><version>7.0.790.15</version><path>C:\Program Files (x86)\Java\jre7\bin\</path><category>Unclassified</category></application><application><diff>0</diff><id>111</id><name>Java</name><vendor>Oracle Corporation</vendor><version>8.0.910.15</version><path>C:\Program Files (x86)\Java\jre1.8.0_91\bin\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Microsoft .NET Framework 4.6.1</name><vendor>Microsoft Corporation</vendor><version>4.6.01055</version><path>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Microsoft Network Monitor 3.4</name><vendor>Microsoft Corporation</vendor><version>3.4.2350.0</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Microsoft Network Monitor: NetworkMonitor Parsers 3.4</name><vendor>Microsoft Corporation</vendor><version>3.4.2350.0</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148</name><vendor>Microsoft Corporation</vendor><version>9.0.30729.4148</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</name><vendor>Microsoft Corporation</vendor><version>9.0.30729.4148</version><category>Unclassified</category></application><application><diff>0</diff><id>44</id><name>Mozilla Firefox</name><vendor>Mozilla Corporation</vendor><version>47.0.2</version><path>C:\Program Files (x86)\Mozilla Firefox\</path><category>AntiPhishing,Browser</category><process><diff>0</diff><pid>8292</pid><path>c:\program files (x86)\mozilla firefox\firefox.exe</path><hash>47F80E4FC4C43FAF468D94F5D51AAC78A125CC720FCBEA0B88B5F29D06719CE9</hash></process></application><application><diff>0</diff><id></id><name>Mozilla Maintenance Service</name><vendor>Mozilla</vendor><version>47.0.2.6148</version><category>Unclassified</category></application><application><diff>0</diff><id>298</id><name>Notepad++</name><vendor>Notepad++ Team</vendor><version>6.63</version><path>C:\Program Files (x86)\Notepad++\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)</name><vendor>Microsoft Corporation</vendor><version>1</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)</name><vendor>Microsoft Corporation</vendor><version>1</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2)</name><vendor>Microsoft Corporation</vendor><version>2</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3142037)</name><vendor>Microsoft Corporation</vendor><version>1</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3143693)</name><vendor>Microsoft Corporation</vendor><version>1</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Security Update for Microsoft .NET Framework 4.6.1 (KB3164025)</name><vendor>Microsoft Corporation</vendor><version>1</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>TP-LINK TL-WDN3200 Driver</name><vendor>TP-LINK</vendor><version>1.1.0</version><path>C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility and Driver\</path><category>Unclassified</category></application><application><diff>0</diff><id></id><name>Tftpd32 Standalone Edition (remove only)</name><vendor></vendor><version>0.0</version><category>Unclassified</category></application><application><diff>0</diff><id></id><name>VMware Tools</name><vendor>VMware, Inc.</vendor><version>9.4.15.2827462</version><path>C:\Program Files\VMware\VMware Tools\</path><category>Unclassified</category><process><diff>0</diff><pid>952</pid><path>c:\program files\vmware\vmware tools\vmtoolsd.exe</path><hash>5C642EF7F4EF65A0445B2C2CD227F9431835712EE7F1BD4D01D1F7472199DE47</hash></process><process><diff>0</diff><pid>1516</pid><path>c:\program files\vmware\vmware tools\vmtoolsd.exe</path><hash>5C642EF7F4EF65A0445B2C2CD227F9431835712EE7F1BD4D01D1F7472199DE47</hash></process></application><application><diff>0</diff><id></id><name>WinPcap 4.1.3</name><vendor>Riverbed Technology, Inc.</vendor><version>4.1.0.2980</version><category>Unclassified</category></application><application><diff>0</diff><id>300</id><name>WinPcap</name><vendor>Riverbed Technology, Inc.</vendor><version>4.1.0.2980</version><path>C:\Program Files (x86)\WinPcap\</path><category>Unclassified</category></application><application><diff>0</diff><id>923</id><name>Windows Backup and Restore</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Windows\System32\</path><category>BackupClient</category></application><application><diff>0</diff><id>362</id><name>Windows Defender</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Program Files\Windows Defender\</path><category>AntiMalware</category></application><application><diff>0</diff><id>283</id><name>Windows Firewall</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Windows\System32\</path><category>FireWall</category></application><application><diff>0</diff><id>1612</id><name>Windows Media Player</name><vendor>Microsoft Corporation</vendor><version>12.0.7601.23517</version><path>C:\Program Files\Windows Media Player\</path><category>Unclassified</category><process><diff>0</diff><pid>1596</pid><path>c:\program files\windows media player\wmpnetwk.exe</path><hash>306467D280E99D0616E839278A4DB5BED684F002AE284C3678CABB5251459CB3</hash></process></application><application><diff>0</diff><id>1587</id><name>Windows Security Health Agent</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Windows\System32\</path><category>HealthAgent</category></application><application><diff>0</diff><id>1090</id><name>Windows Update Agent</name><vendor>Microsoft Corporation</vendor><version>7.6.7601.19161</version><path>C:\Windows\System32\</path><category>PatchManagement</category></application><application><diff>0</diff><id>1106</id><name>Windows VPN Client</name><vendor>Microsoft Corporation</vendor><version>6.1.7600.16385</version><path>C:\Windows\System32\</path><category>VPNClient</category></application><application><diff>0</diff><id>207</id><name>Wireshark</name><vendor>The Wireshark developer community</vendor><version>1.10.7</version><path>C:\Program Files (x86)\Wireshark\</path><category>Unclassified</category></application></check></package></report> ]]
...

    所有报告都是XML字符串。格式化报告示例:

    <report>
	<version>1000</version>
	<package>
		<id>12</id>
		<status>1</status>
		<check>
			<chk_id>Apps_Collection</chk_id>
			<diff>0</diff>
			<application>
				<diff>0</diff>
				<id>104</id>
				<name>Adobe Flash Player</name>
				<vendor>Adobe Systems Inc.</vendor>
				<version>23.0.0.207</version>
				<path>C:\Windows\SysWOW64\Macromed\Flash\</path>
				<category>Unclassified</category>
			</application>
...
			<application>
				<diff>0</diff>
				<id></id>
				<name>Cisco AnyConnect ISE Posture Module</name>
				<vendor>Cisco Systems, Inc.</vendor>
				<version>4.4.00209</version>
				<path>C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\</path>
				<category>Unclassified</category>
				<process>
					<diff>0</diff>
					<pid>704</pid>
					<path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnagent.exe</path>
					<hash>7D7502DE53F0282A7AFC98BE89F54D39FDEC3FAC2A1F32674C76967ADC695E09</hash>
				</process>
				<process>
					<diff>0</diff>
					<pid>1296</pid>
					<path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseagent.exe</path>
					<hash>7E156520C184334D473506FFE8A482997581ACF6ABD34231FDEDC2B9A3A12066</hash>
				</process>
				<process>
					<diff>0</diff>
					<pid>3076</pid>
					<path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnui.exe</path>
					<hash>0131258625A16B78125EB2081E8D5678671B6DE52DDA9E0813D4674618177DC3</hash>
				</process>
				<process>
					<diff>0</diff>
					<pid>3384</pid>
					<path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\acise.exe</path>
					<hash>8636F5761663A0EB9EDE263609B6AEF0EA52292E5B093AD4C453097583F365DD</hash>
				</process>
				<process>
					<diff>0</diff>
					<pid>15924</pid>
					<path>c:\program files (x86)\cisco\cisco anyconnect secure mobility client\aciseposture.exe</path>
					<hash>7FA4B3B6F688642E800AD53B865DBDCC163FBCA92D83482248DB068BA42192EA</hash>
				</process>
			</application>
    ...
		</check>
	</package>
</report>

    AnyConnect仅在首次连接时发送完整报告。此外,它只发送更改。例如,Notepad++在一段时间后启动:

    2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Received posture request [parameters: reqtype=, userip=10.62.148.162, clientmac=C0-4A-00-15-75-C8, os=, osVerison=1.2.1.6.1.4, architecture=, provider=, state=, userAgent=Mozilla/4.0 (compatible; WINDOWS; 1.2.1.6.1.4; AnyConnect Posture Agent v.4.4.00209), session_id=
2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Found a session info for endpoint C0-4A-00-15-75-C8 cisco
2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Got userid cisco from cache for endpoint C0-4A-00-15-75-C8/
2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Report IV in Base64: JjneGgZcJbmjqMKQcy8kJg==
2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Using AES shared secret to decrypt report.
2017-01-04 19:24:37,929 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.util.CipherUtil -::::- Decrypting message using AES.
2017-01-04 19:24:37,930 DEBUG  [http-bio-10.48.26.60-8443-exec-7][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Decrypted report [[ <report><version>1000</version><package><id>12</id><status>1</status><check><chk_id>Apps_Collection</chk_id><diff>1</diff><application><diff>2</diff><id>298</id>
       
       
         Notepad++ 
       <vendor>Notepad++ Team</vendor><version>6.63</version><path>C:\Program Files (x86)\Notepad++\</path><category>Unclassified</category><process><diff>0</diff>
       
       
         16460 
       <path>c:\program files (x86)\notepad++\notepad++.exe</path><hash>43E9F528CD2405E6DD117857D440A634769C6E11C4D986605354C2605B6E7D84</hash></process></application></check></package></report> ]]

    格式化:

    <report>
	<version>1000</version>
	<package>
		<id>12</id>
		<status>1</status>
		<check>
			<chk_id>Apps_Collection</chk_id>
			<diff>1</diff>
			<application>
				<diff>2</diff>
				<id>298</id>
				
       
       
         Notepad++ 
       
				<vendor>Notepad++ Team</vendor>
				<version>6.63</version>
				<path>C:\Program Files (x86)\Notepad++\</path>
				<category>Unclassified</category>
				<process>
					<diff>0</diff>
					
       
       
         16460 
       
					<path>c:\program files (x86)\notepad++\notepad++.exe</path>
					<hash>43E9F528CD2405E6DD117857D440A634769C6E11C4D986605354C2605B6E7D84</hash>
				</process>
			</application>
		</check>
	</package>
</report>

    从AnyConnect

    文件AnyConnect_ISEPosture.txt包含所有相关日志和调试。此文件可在终端上收集的DART捆绑包中找到。以下是定期报告的示例,它使用AES256加密:

    ******************************************

Date        : 01/04/2017
Time        : 19:34:38
Type        : Unknown
Source      : acise

Description : Function: Authenticator::bldMonitorReport
Thread Id: 0xD3C
File: Authenticator.cpp
Line: 724
Level: info

Monitor Report: &user_key=dummykey&cm=10&ops=1&mac_list=C0%3a4A%3a00%3a15%3a75%3aC8&ip_list=10%2e62%2e148%2e162&hostname=TSOPREK%2dWIN7%2d1&udid=766bb955e51e4ab063fd478c63acee81260ca592&dm_report_client_IV=JjneGgZcJbmjqMKQcy8kJg%3d%3d&dm_report=2yWwY7QzHWCY%2fDVEESSAabEZtYLtxNE7QgyOOa85Dgo2Ts4ok8sIrBM37S2%2fe2Hs0URCP4KkfY4Ap8%2bh%2fqS%2biw50CZejKG%2bVbF7RTRqZyrg2veWAwvEDsSb%2bqWRRdzvZfSjS3G4ApQi07qnfExwN1IvCqrVOplj17TAcVXEht8NkDg0OT9jM%2fTNH%2fMKllc0o6Ha5juJo4YtWDWY%2bnOancw%3d%3d. 

******************************************

Date        : 01/04/2017
Time        : 19:34:38
Type        : Unknown
Source      : acise

Description : Function: Authenticator::buildAndSendHttpMsg
Thread Id: 0xD3C
File: Authenticator.cpp
Line: 196
Level: debug

MSG_SN_HTTP_REQUEST, {{url="https://ise22-pri.example.com:8443/auth/perfigo_validate.jsp"}, {server="ise22-pri.example.com"}, {method="post"}, {object_path=""}, {reuse_existing=1}, {close_when_done=0}, {pkt="&user_key=dummykey&cm=10&ops=1&mac_list=C0%3a4A%3a00%3a15%3a75%3aC8&ip_list=10%2e62%2e148%2e162&hostname=TSOPREK%2dWIN7%2d1&udid=766bb955e51e4ab063fd478c63acee81260ca592&dm_report_client_IV=JjneGgZcJbmjqMKQcy8kJg%3d%3d&dm_report=2yWwY7QzHWCY%2fDVEESSAabEZtYLtxNE7QgyOOa85Dgo2Ts4ok8sIrBM37S2%2fe2Hs0URCP4KkfY4Ap8%2bh%2fqS%2biw50CZejKG%2bVbF7RTRqZyrg2veWAwvEDsSb%2bqWRRdzvZfSjS3G4ApQi07qnfExwN1IvCqrVOplj17TAcVXEht8NkDg0OT9jM%2fTNH%2fMKllc0o6Ha5juJo4YtWDWY%2bnOancw%3d%3d"}, {path=""}, {type=1}}. 

******************************************

Date        : 01/04/2017
Time        : 19:34:39
Type        : Unknown
Source      : acise

Description : Function: HttpHandler::createOutgoingHTTPSMessage
Thread Id: 0xD3C
File: HttpHandler.cpp
Line: 295
Level: debug

MSG_NS_HTTP_RESPONSE, {{success=1}, {pkt="<!--error=0--><!--X-Perfigo-DM-Error=0--><!--X-Perfigo-Monitoring-Interval=5-->"}, {type=1}}.

    常见问题

    AnyConnect无法访问ISE

    在本例中,AnyConnect_ISEPosture.txt包含错误:

    ******************************************

Date        : 01/04/2017
Time        : 20:04:40
Type        : Unknown
Source      : acise

Description : Function: Authenticator::buildAndSendHttpMsg
Thread Id: 0xD3C
File: Authenticator.cpp
Line: 196
Level: debug

MSG_SN_HTTP_REQUEST, {{url="https://ise22-pri.example.com:8443/auth/perfigo_validate.jsp"}, {server="ise22-pri.example.com"}, {method="post"}, {object_path=""}, {reuse_existing=1}, {close_when_done=0}, {pkt="&user_key=dummykey&cm=10&ops=1&mac_list=C0%3a4A%3a00%3a15%3a75%3aC8&ip_list=10%2e62%2e148%2e162&hostname=TSOPREK%2dWIN7%2d1&udid=766bb955e51e4ab063fd478c63acee81260ca592&dm_report_client_IV=JjneGgZcJbmjqMKQcy8kJg%3d%3d&dm_report=2yWwY7QzHWCY%2fDVEESSAabEZtYLtxNE7QgyOOa85Dgo2Ts4ok8sIrBM37S2%2fe2Hs0URCP4KkfY4Ap8%2bh%2fqS%2biw50CZejKG%2bVbF7RTRqZyrg2veWAwvEDsSb%2bqWRRdzvZfSjS3G4ApQi07qnfExwN1Pdu7AztTn%2f3VYph9WNF1jGljXSuTFmr38e%2bvDXQnx7avYHs9meVItYqA6MecAJK3WdkBNSrK1bYjmIvzkAPqR2LuoflnA9IcNOTZQ9iN%2fknOjlLqsiV5eV6jlMSUeOakKsTwy1gbPsFz99eKdtaCMv1F%2fsAmvLApjpke0IMKorXXkvpJURtAtOMK75ltXdykC85ihgHcI10JW7mlpvIppk5MbCZjihQbXldr5%2fQVdpB8eRqMHF1iCK1gx96lwwdzBSfr%2bgrcF4072fYYNOa9cYnTFShgU%2bxrnBDcJ1GUoYE9K5nTfGQ01p4NrcbLjpM79e14v14YgfQhmSfktwxfA8pY7A6jmL3BIp3O9gmQVnoTqaaccqkW76uT%2bPkjVOyrOgdG0CYwUwUMVqpctGKorxx1C3IwXhBWUmvRY9p2LRdePRqnCN8hpiesyk%2bzTnyX0OaNdHD6%2bGEMGo9QjQvwrL9dcvrUxxHtlQcJPekXajXPfn98FpC8z%2b966tcz4DfMN6giSlEfK6y5%2bMpk0oAL%2fV4XMg296PDocGaeTK1OUR7Qkl%2b7S2fv%2fCfZdiQaTndZ6zHWuimq5JBRElmuKI9hWRN2cPERcDn64ISZZSiz9yPoJPlPPpFsfggkc2PdS0OEEtMiM%2bBjNKcFx2Tcsq76eYfDtvDq9tGzjST8opInlIiXdAzdbeWsjCAerCvS73xg2vd2DHfpFlrd5lVa3qwo3Vov3nFiAz4l3IrI1fOHjAE7rCZTy2dWU455icOjmO%2bCVAS3SzWCea4fZu3fAhmIhAVQKE1cFZ4CyyBv8934OVw62Bxu5ij0wbHOStA8TSbxJXyuGBw8cqTPfuUtqPLx6nWtcRZ6p13MuQTq%2bKZLZ7hwY2Urf1o1Gi9OPGyo5zuJZAuQInU%2bkJKU6ycXHZo17Uti3DITCy0%2fG%2bQ2gixzBIpmJctekKJO243rZiU1wbOUPWLzGum8ydRu3im2LiDisXquAu7ipY5P0D475AZN3Cd6nlIPP5MOra493QhX4Il39q%2birT1%2f5F7tI%2fKLv20fWFC%2fjKbfu%2bFe4QIbdtiSCvLkyZ%2bWDwBMWSXHGE11CoErbj4LJP3h4oqLto17riGCYMb%2bRHZXNJA2bwjcfgY4w2FE4hrL0cC6D3YgZxHHpUeT4gMXoXj0EJwODxQwElc9yfoe%2bDgJ4Fy6%2fXc0ymDFYU7oOouAc0nwPKZwhZn4Q3mMZIG5aeOFcx9IM6M47IcMMbo0r78aUk8M94h5f4sK6JxHz75B6JyTx3H%2bxFDJ3j5UtUYj1oir4CLQJgR8ABhMDGxqhAN4c4wA4y790bh2F5PxkVXMGYb4ghFNt3jIHGXRMENPTYkelnD0fa1mMmhJUXE%2fVAshJ8aZwcGCU%2fNhSkCATRXb5UDAmeaSkwe3m4bcRtfBbNZ1l5CNQVH8ZPZsKlGCNpD6dOYkSxa%2ffErYqImEzm9itwSzUujQXI%2f8%2f%2fKewc9jeBujwHqnjuIYg5sJbjk%2bqc%2fwy5hKHTbxFacnFJlgvJhHt3mht8oRC9EbbsULoAK1fvLe4%2fE%2bqFjOe02bw4sQuu1ssMKxLsNQMCTIZFzhl0K6BZdfo1RonKG0MEG1K%2ftSDNC4eyQw9ewYhgpozDVHW1yprpVY9UgcTvFVSh0Vy%2bWde4b0dtmPdhbQhvvsQOSgnxIX6a8GN4AwXEoE7CoP6%2fFZiTAJTuxUKMjC1m8iAsrAurJugnEgaKKugSNkl9y7bgSiYB6zkthDclEyBFWc1rAEcfH6oMJs59aJodXnPSAA9FuyqLCWB%2f3WFZ03efhTviz2101G8%2fsWMxR0w%2fR56oNH2wzUwkmh9oczFaYLpJPzg6k47oh1zmDJraqyvWgzzfPIipa7EKK8YvsuO4BCFgMrDZtYZnCO6B9CFoKDCNJE9Wxl%2bhTdzFCA4GpeLE4nT7y1j113iTV%2faWyImNLaRMU2ZiwuKy%2bd2OH55LqnLBCxrUUIMH7Ku4Mhd%2fYvw1NVpcZZ0L%2bWOkMoephk2XXE4OQAY7Rk%2f%2fRnCbbHlFOVQmEVOoxNneBElleajK%2fxX6C0BZBaebAVYluwdGkkktvgQ5gUvzMiyqbsvzyUMzq%2fhqKY7vVMWUeyCsBnybuGPSILJIkMgdgjiz%2baUZsOyZsUE%2b7PPyiqphqXNRfQ6tj8wTzq7a2Z5XgCYI10Piqj1mg6hY1TiRYuPanyBqh61LFKxblkpQJX2339pqB4RBOzF4%2f3CsvfjU302NSU9fypX5dBYubAZt80DOBe84FSnQIX3pfX2%2fW9LqclyWbxC2QSOfHoe6TgkCiOall%2fqUHWqeOogbgLO5s5ffBoNmUCxhJW%2fH1EqKcsFzA%2ba%2f2Q0%2bs2m99Rqlxdd55bg67LXVPGfKh2dbVHjghXjO90nLEtVwCfs8oMUIg%2bmnip%2fdA7wDz4Nsma2W0ugEhOjpfFbL2TxHLhE0r%2bwy3t%2bosvtaXNJZg84LJKpt3J%2bmc0pnIBH5S5H7zrNDKUnIYXY8BD5n1clZi4wwkRIp62avJw7lN22zNHsjp7NUjTYw9X%2f1Iti1TKxjPZuitU%2bITeCRRHzeoaeGbzE1E%2bGSSqemw7F1wx4w9JXHDajH%2bY4iX7z2Y4OrY1JQQleeS9KWzw5HdiCpuHmhMtLMSpz%2fGagw7KeaLEe9FxwrOYILS%2fXuBStZ1XOpbQHIlH0ZdQbv2I%2bA%2f3j3GvalSul%2f0YVWlPPPIC2OgkSSbd4HyXXh9TEB8dhDmfucy5VEZ5MsuOTgytkALNSK0t9cyvsAcWTQf0uVAMnyBeaMPJAvdE9fXUiH628eMD9PHvt3cL0GYdRR9WBUcszIFtJNIA5AXj7abdbc6VZ8DqX4YfJ1xgTqg2qKSJqXvtbi5BJU49BGaxu01Ta6eBo2ABLtgBxKzb8DYNYqyqRB%2bYkgr5YdU6z6va15jQJYGUJYVwZ8xDsKvYHz1fUFAHldzxkq44myNAjD1H0DoYhQaXUl20UXkgO9w5kBqTfmKj9DOJhs5Q88ilebAbHHxm3GTZSJpP51jQjsPSUi3doX3Mz8E7W5pYptxtW1XPwcSHhkxuhWjbVKKQRTgM5uSXCPQ0PDAqcc6NybV2t1BK3GhQSPzsQ5k3wkldK7CYuUWMpKTMNLZDVF8i25DoGpA0K5m5s3VMAukLA9Gob5ysU%2fsu2TVBrJZDOsa3L%2bNoF2b01f8BC32e. 

******************************************

Date        : 01/04/2017
Time        : 20:04:41
Type        : Unknown
Source      : acise

Description : Function: hs_transport_winhttp_post
Thread Id: 0xD3C
File: hs_transport_winhttp.c
Line: 5776
Level: debug

unable to send request: 12029. 

******************************************

Date        : 01/04/2017
Time        : 20:04:41
Type        : Unknown
Source      : acise

Description : Function: HttpHandler::createOutgoingHTTPSMessage
Thread Id: 0xD3C
File: HttpHandler.cpp
Line: 295
Level: debug

MSG_NS_HTTP_RESPONSE, {{success=0}, {pkt=""}, {type=1}}. 

******************************************

Date        : 01/04/2017
Time        : 20:04:41
Type        : Error
Source      : acise

Description : Function: Authenticator::parsePostureData
Thread Id: 0xD3C
File: Authenticator.cpp
Line: 257
Level: error

Failed to communicate with CAS.. 

******************************************

Date        : 01/04/2017
Time        : 20:04:41
Type        : Error
Source      : acise

Description : Function: SMNavPosture::SMP_handleMonitorResp
Thread Id: 0xD3C
File: SMNavPosture.cpp
Line: 495
Level: error

Failed to parse monitor response. 

    ***************************************** 

    从EP视图创建应用合规性时,ISE引发“null”错误

    在从EP视图创建应用合规性时,出现“空”消息的最常见原因是缺少所需的OPSWAT图表。最新版本的状态更新应能解决此问题。

    TAC Authored

    由思科工程师提供

    • Vitaly Kumov
      Cisco TAC Engineer

    此文档是否有帮助?

    Feedback反馈

    联系我们

    本文档适用于以下产品