Hello, I am running ISE 1.3 Patch 7. I have an application that can consume and search syslog messages and I have ISE configured with this application as a syslog target. That works fine for authentication logs, but none of our Alarms are being sent. I found the snippet below in the 1.3 admin guide but I am completely confused on what this means. This is the key statement:
> If you configure monitoring functions to send alarm notifications as syslog messages
How exactly do I configure alarm notifications to be sent as syslog messages? The only option I have in System > Settings > Alarm Settings > Alarm Notification is email, and I can't seem to find the relevant instructions in the guide.
Thanks.
Log Collection
Monitoring services collect log and configuration data, store the data, and then process it to generate reports and alarms. You can view the details of the logs that are collected from any of the servers in your deployment.
Alarm Syslog Collection Location
If you configure monitoring functions to send alarm notifications as syslog messages, you need a syslog target to receive the notification. Alarm syslog targets are the destinations where alarm syslog messages are sent.
You must also have a system that is configured as a syslog server to be able to receive syslog messages. You can create, edit, and delete alarm syslog targets.
 Note | Cisco ISE monitoring requires that the logging-source interface configuration use the network access server (NAS) IP address. You must configure a switch for Cisco ISE monitoring. |
Accepted Solutions
I could not find an ISE 1.3 instance, but here is a screenshot from ISE 1.4.1, that shows [ Include Alarms for this Target ] checkbox option in a remote logging target:
Now get off 1.3 
this release is old
1.4.1 is a controlled release
deployment should be moved to 2.1 which has been out and stable
