cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

966
Views
1
Helpful
5
Replies
Highlighted
Enthusiast
Enthusiast

ISE 1.3 and sending alarms as syslog messages

Hello, I am running ISE 1.3 Patch 7. I have an application that can consume and search syslog messages and I have ISE configured with this application as a syslog target. That works fine for authentication logs, but none of our Alarms are being sent. I found the snippet below in the 1.3 admin guide but I am completely confused on what this means. This is the key statement:

> If you configure monitoring functions to send alarm notifications as syslog messages

How exactly do I configure alarm notifications to be sent as syslog messages? The only option I have in System > Settings > Alarm Settings > Alarm Notification is email, and I can't seem to find the relevant instructions in the guide.

Thanks.

Log Collection

Monitoring services collect log and configuration data, store the data, and then process it to generate reports and alarms. You can view the details of the logs that are collected from any of the servers in your deployment.

Alarm Syslog Collection Location

If you configure monitoring functions to send alarm notifications as syslog messages, you need a syslog target to receive the notification. Alarm syslog targets are the destinations where alarm syslog messages are sent.

You must also have a system that is configured as a syslog server to be able to receive syslog messages. You can create, edit, and delete alarm syslog targets.

Note

Cisco ISE monitoring requires that the logging-source interface configuration use the network access server (NAS) IP address. You must configure a switch for Cisco ISE monitoring.


1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Advocate

Feature available in ISE 2.1...

View solution in original post

5 REPLIES 5
Highlighted
Advocate

Feature available in ISE 2.1...

View solution in original post

Highlighted
Cisco Employee

I could not find an ISE 1.3 instance, but here is a screenshot from ISE 1.4.1, that shows [ Include Alarms for this Target ] checkbox option in a remote logging target:

Screen Shot 2017-01-19 at 8.44.04 PM.png

Highlighted
Enthusiast
Enthusiast

YES, that was it! Thank you so much!!!

Highlighted

Now get off 1.3   this release is old

1.4.1 is a controlled release

deployment should be moved to 2.1 which has been out and stable

Highlighted

Combining information based on sidebar discussions with Hsing...

Alarms are automatically sent to default system Log targets.  If wish to send Alarms in syslog to new external targets, then select option from screenshot that Hsing provided.  When add a new target, there is checkbox to optionally include alarms.

Starting in ISE 2.1, you can also selectively choose which alarms are sent as Syslog.  System (predefined) alarms are automatically enabled for syslog, but new (custom) alarms are not enabled for syslog by default.

/Craig