Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1223
Views
0
Helpful
2
Replies

ISE 2.0 log files for testing with Splunk

dkotanto@cisco.com
Cisco Employee
Cisco Employee

‎02-15-2016 11:20 AM

Hello, Does anyone have any ISE 2.0 sample log files to test the ISE add-on tool for Splunk for a government customer?  Apparently, there is a way for Splunk to parse ISE log files without syslog.  The customer cannot provide their logs as the data is very confidential. Any logs that include AAA Audit passed or failed attempts, posture, profile data, etc. would be helpful. Thanks, Jim

0 Helpful
2 Replies 2

hslai
Cisco Employee
Cisco Employee

‎02-16-2016 07:41 PM

Please provide us the documentation regarding Splunk parsing ISE log files without syslog. We might need to refer you to our TME working with Splunk on this.

PFA an ISE local store file from our lab.

HTH

iseLocalStore.log.zip
0 Helpful

dkotanto@cisco.com
Cisco Employee
Cisco Employee
In response to hslai

‎02-16-2016 09:57 PM

Thanks, I'm just as interested to see how Splunk parses these without syslog.  I will let you know as soon as I receive a response from the customer's Splunk engineer.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents