https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871825#M582796 <P>If you go into you're remote logging target config, the default is 1024 which is too low to get the full log. If you try increasing this to 8192, you should get all the fields</P> Tue, 11 Jul 2023 14:56:59 GMT M. Wisely 2023-07-11T14:56:59Z https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871148#M582758 <P>I am running ISE 3.0 patch-7 and I use certificate based dot1x for authentication.</P><P>When the device is successfully authenticated, I see TLSversion and TLSCipher in the ISE log.&nbsp; I also configure the ISE to send these messages to external syslog server; however, I capture the traffic on the ISE for syslog message and I can confirm that syslog messages from the ISE to external syslog server do NOT contain either TLSVersion or TLSCipher.&nbsp; I've opened a TAC case with Cisco to investigate.&nbsp;&nbsp;</P><P>Is this expected?&nbsp; TIA</P> Mon, 10 Jul 2023 15:18:11 GMT https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871148#M582758 adamscottmaster2013 2023-07-10T15:18:11Z https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871570#M582783 <P>We're running 3.1p7 and I can see the TLSversion and TLSCipher fields in logs forwarded to our external syslog server.</P> Tue, 11 Jul 2023 09:41:41 GMT https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871570#M582783 M. Wisely 2023-07-11T09:41:41Z https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871613#M582784 <P>The way logs are sent to an external syslog server depends on the logging categories (Administration &gt; System &gt; Logging) referring the external logging target. There are predefined logging categories on ISE (Failed attempts, Passed authentication, etc) which defines the format in which logs would be sent to various logging targets.</P> <P>ISE doesn't log TLS packet dump in it's log files itself so don't think it would sent the TLS version in dot1x authentication to external syslog server.</P> Tue, 11 Jul 2023 10:45:45 GMT https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871613#M582784 Nancy Saini 2023-07-11T10:45:45Z https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871812#M582795 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/323120">@M. Wisely</a>:&nbsp; can you share the tcpdump that shows the TLSVersion in syslog?</P><P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/358459">@Nancy Saini</a>:&nbsp; TLSVersion does not show up in syslog output, is this expected in ISE 3.0?&nbsp; Is this a new feature in ISE 3.1 and higher?</P> Tue, 11 Jul 2023 14:45:13 GMT https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871812#M582795 adamscottmaster2013 2023-07-11T14:45:13Z https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871825#M582796 <P>If you go into you're remote logging target config, the default is 1024 which is too low to get the full log. If you try increasing this to 8192, you should get all the fields</P> Tue, 11 Jul 2023 14:56:59 GMT https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871825#M582796 M. Wisely 2023-07-11T14:56:59Z https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871879#M582797 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/323120">@M. Wisely</a>:&nbsp; the solution you provided works like a charm.&nbsp; Thank you very much.</P> Tue, 11 Jul 2023 16:12:56 GMT https://community.cisco.com/t5/network-access-control/tlsversion-and-tlscipher-in-syslog-message/m-p/4871879#M582797 adamscottmaster2013 2023-07-11T16:12:56Z