Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1558
Views
0
Helpful
2
Replies

ISE 2.0 log files for testing with Splunk

dkotanto@cisco.com
Cisco Employee
Cisco Employee

‎02-15-2016 11:20 AM

Hello, Does anyone have any ISE 2.0 sample log files to test the ISE add-on tool for Splunk for a government customer?  Apparently, there is a way for Splunk to parse ISE log files without syslog.  The customer cannot provide their logs as the data is very confidential. Any logs that include AAA Audit passed or failed attempts, posture, profile data, etc. would be helpful. Thanks, Jim

0 Helpful
2 Replies 2

hslai
Cisco Employee
Cisco Employee

‎02-16-2016 07:41 PM

Please provide us the documentation regarding Splunk parsing ISE log files without syslog. We might need to refer you to our TME working with Splunk on this.

PFA an ISE local store file from our lab.

HTH

iseLocalStore.log.zip
0 Helpful

dkotanto@cisco.com
Cisco Employee
Cisco Employee
In response to hslai

‎02-16-2016 09:57 PM

Thanks, I'm just as interested to see how Splunk parses these without syslog.  I will let you know as soon as I receive a response from the customer's Splunk engineer.

0 Helpful
Top