This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Hello, I am running ISE 1.3 Patch 7. I have an application that can consume and search syslog messages and I have ISE configured with this application as a syslog target. That works fine for authentication logs, but none of our Alarms are being sent. I found the snippet below in the 1.3 admin guide but I am completely confused on what this means. This is the key statement:
> If you configure monitoring functions to send alarm notifications as syslog messages
How exactly do I configure alarm notifications to be sent as syslog messages? The only option I have in System > Settings > Alarm Settings > Alarm Notification is email, and I can't seem to find the relevant instructions in the guide.
Monitoring services collect log and configuration data, store the data, and then process it to generate reports and alarms. You can view the details of the logs that are collected from any of the servers in your deployment.
If you configure monitoring functions to send alarm notifications as syslog messages, you need a syslog target to receive the notification. Alarm syslog targets are the destinations where alarm syslog messages are sent.
Solved! Go to Solution.
I could not find an ISE 1.3 instance, but here is a screenshot from ISE 1.4.1, that shows [ Include Alarms for this Target ] checkbox option in a remote logging target:
Combining information based on sidebar discussions with Hsing...
Alarms are automatically sent to default system Log targets. If wish to send Alarms in syslog to new external targets, then select option from screenshot that Hsing provided. When add a new target, there is checkbox to optionally include alarms.
Starting in ISE 2.1, you can also selectively choose which alarms are sent as Syslog. System (predefined) alarms are automatically enabled for syslog, but new (custom) alarms are not enabled for syslog by default.