https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4852254#M582153 <P>Impacted ISE version 2.7.0.356 (patches 3,6,7,8)<BR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/66272">@poongarg</a>&nbsp; - do you think that another patch or upgrade would resolve the issue? Is there anything we can do to get the unique <SPAN class="">message </SPAN>codes back?<BR />I am supporting 10 other deployments running on different versions, this is the only environment I am facing the bug.<BR />Would be worth to open TAC for this?</P> Sat, 10 Jun 2023 09:42:13 GMT Jemmotar 2023-06-10T09:42:13Z https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4851671#M582127 <P>Hello everyone!<BR /><BR />We are using syslogs for monitoring. I have multiple deployments that are very similar to each other.<BR />But I just found out that one of them is different when comes to syslog messages.<BR /><BR />My syslog monitoring is expecting to see this message:</P><P>&nbsp;</P><LI-CODE lang="markup">Jun 2 00:00:00 hostname CISE_Administrative_and_Operational_Audit 0007666335 1 0 2023-06-02 00:00:00.323 +00:00 0741901856 60166 NOTICE Certificate: Certificate will expire soon, ConfigVersionId=442, OperationMessageText=Local certificate 'something' will expire in 60 days,</LI-CODE><P>&nbsp;</P><P>But I get this instead:</P><P>&nbsp;</P><LI-CODE lang="markup">Jun 8 00:00:10 hostname CISE_Alarm WARN: Local certificate 'C=US;ST=Somewhere;L=Arlington;O=The Something Corporation;CN=something.something.com#Entrust Certification Authority - L1K#000 05' will expire in 10 days : Server=something</LI-CODE><P>&nbsp;</P><P><BR />I was expecting (per the cisco ise syslog list) that every syslog has its own code, why <FONT face="courier new,courier">CISE_Alarm</FONT> bypass that convention?<BR /><STRONG><FONT size="4">Where to adjust this configuration please?</FONT></STRONG><BR />I want all my syslogs to follow the catalog aka <FONT face="courier new,courier">CISE_Administrative_and_Operational_Audit</FONT> instead of <FONT face="courier new,courier">CISE_Alarm</FONT>.</P> Thu, 08 Jun 2023 23:03:57 GMT https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4851671#M582127 Jemmotar 2023-06-08T23:03:57Z https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4851697#M582128 <P>Alarm messages don't show the message code. There is an enhancement already filed for this change:</P> <P><A href="https://bst.cisco.com/bugsearch/bug/CSCvw55478" target="_blank">https://bst.cisco.com/bugsearch/bug/CSCvw55478</A></P> <P>&nbsp;</P> Fri, 09 Jun 2023 00:44:38 GMT https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4851697#M582128 poongarg 2023-06-09T00:44:38Z https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4852254#M582153 <P>Impacted ISE version 2.7.0.356 (patches 3,6,7,8)<BR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/66272">@poongarg</a>&nbsp; - do you think that another patch or upgrade would resolve the issue? Is there anything we can do to get the unique <SPAN class="">message </SPAN>codes back?<BR />I am supporting 10 other deployments running on different versions, this is the only environment I am facing the bug.<BR />Would be worth to open TAC for this?</P> Sat, 10 Jun 2023 09:42:13 GMT https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4852254#M582153 Jemmotar 2023-06-10T09:42:13Z https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4852256#M582154 <P>I could rephrase as missing "OperationMessageText=" as part of the syslog. (I can live without the unique codes, OperationMessageText is more important for me)</P> Sat, 10 Jun 2023 10:12:47 GMT https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4852256#M582154 Jemmotar 2023-06-10T10:12:47Z https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4852395#M582160 <P>The enhancement is filed on top of ISE 3.1 and yet not incorporated in any release. So upgrading the patch or version will not help.</P> <P>&nbsp;</P> Sun, 11 Jun 2023 00:28:58 GMT https://community.cisco.com/t5/network-access-control/syslog-cise-alarm-vs-cise-administrative-and-operational-audit/m-p/4852395#M582160 poongarg 2023-06-11T00:28:58Z