Showing results for 
Search instead for 
Did you mean: 

Don't see option to send 'NOTICE' level events to External Syslog




We are not getting 'NOTICE' severity level events in External Syslog server from Cisco ISE. We understand it should be able if we select 'INFO' level while defining the targets since there is no option to select 'NOTICE'. Since we see some logs from ISE, we are sure syslog traffic is not blocked in the path.


Thanks in advance.

1 Reply 1

Arne Bier
VIP Advisor VIP Advisor
VIP Advisor



It should work.


what version of ISE?


I am using ISE 2.7 patch 6 and my syslog server is Ubuntu 20.04 LTS running the default rsyslog daemon.

In ISE I added my Ubuntu server as LOCAL6 facility and UDP/514

In the Logging Categories I added this remote logging target for "Administrative and Operational Audit" to log every time I log into the ISE Admin GUI.


Dec 16 08:46:10 nac1 CISE_Administrative_and_Operational_Audit 0000000224 1 0 2021-12-16 08:46:10.039 +10:00 0000902175 51002 NOTICE Administrator-Login: Administrator logged off, ConfigVersionId=187, AdminInterface=GUI, AdminIPAddress=, AdminSession=AdminGUI_Session, AdminName=abier, OperationMessageText=User logged out,
Dec 16 08:46:21 nac1 CISE_Administrative_and_Operational_Audit 0000000225 1 0 2021-12-16 08:46:21.198 +10:00 0000902190 51001 NOTICE Administrator-Login: Administrator authentication succeeded, ConfigVersionId=187, AdminInterface=GUI, AdminIPAddress=, AdminSession=AdminGUI_Session, AdminName=abier, OperationMessageText=Administrator authentication successful,

My /etc/rsyslog.conf had a few tweaks to allow UDP/514 and also to log local6.notice


All operations run as root user:


# provides UDP syslog reception
input(type="imudp" port="514")

# Rules
local6.notice   /var/log/isesyslog.log

I made a local file to log the results for this test

touch /var/local/isesyslog.log
chown syslog:adm /var/local/isesyslog.log


Then restart the daemon

systemctl restart rsyslog

and tail the results


tail -f /var/log/isesyslog.log




Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers