08-17-2020 03:10 AM
Hi,
I'm working on an issue with my SIEM partner and they have reported that the syslogs being sent from our ISE installation are being split into multiple messages - this is causing issues when the logs are ingested into their system.
I have set the maximum log size to its upper limit of 8192 and the issue is still present. Is there any other way to increase this limit further, or are there any other settings I could review that would keep the logs in one message?
ISE is version 2.4 patch 10.
Thanks
08-17-2020 03:20 AM
That is the best value you can go to. What SIEM product is it? Can you provide more information on what the other product is seeing as an issue (some logs?)
08-24-2020 04:38 AM
Example of logs attached - you'll see that the log is in 2 parts when it reaches our SIEM collector. The format of the underlined bit at the beginning of each is this: “[LOG ID] [NO. OF MESSAGES] [MESSAGE SEQUENCE NUMBER]” – the message sequence starts at 0, to make it more confusing!
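For a collector that has to cope with the split messages, the header described in the post above carries enough to rejoin them. The following is an added example, not part of the thread and not Cisco or SIEM vendor code: it assumes the syslog header has already been stripped so that each payload starts with the three fields, that the fields are space-separated, and that segments are concatenated with no separator. The names `Reassembler`, `reassemble_all` and the sample payloads are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed payload layout once the syslog header is stripped:
# "<log id> <number of messages> <sequence number> <text>"
SEGMENT = re.compile(r"^(\S+) (\d+) (\d+) (.*)$", re.DOTALL)


class Reassembler:
    """Buffers segments per log ID and emits the joined message once complete."""

    def __init__(self, max_pending=1000):
        self.pending = defaultdict(dict)   # log id -> {sequence number: text}
        self.max_pending = max_pending     # bound memory when segments are lost

    def feed(self, payload):
        """Return the full message when its last segment arrives, else None."""
        m = SEGMENT.match(payload)
        if m is None:
            return payload                 # no segment header: pass through
        log_id, total, seq, text = m[1], int(m[2]), int(m[3]), m[4]
        if total < 1 or seq >= total:
            return payload                 # inconsistent header: do not guess
        if total == 1:
            return text                    # single-part log, nothing to buffer
        if log_id not in self.pending and len(self.pending) >= self.max_pending:
            self.pending.pop(next(iter(self.pending)))  # evict oldest incomplete
        parts = self.pending[log_id]
        parts[seq] = text                  # arrival order and duplicates are fine
        if len(parts) < total:
            return None
        del self.pending[log_id]
        return "".join(parts[i] for i in range(total))  # sequence starts at 0


# Constructed sample payloads (not real ISE output), delivered out of order.
SAMPLE = [
    "0000000042 2 1 result=ok",
    "0000000043 1 0 short event",
    "0000000042 2 0 event=login user=alice ",
]


def reassemble_all(payloads):
    r = Reassembler()
    return [msg for msg in map(r.feed, payloads) if msg is not None]
```

In a real deployment the buffer key should also include the sending host, since log IDs from different ISE nodes may collide.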