This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I'm trying to setup guest action (creation, deletion, suspend) logging to remote syslog. I created remote logging target and set this target to Guest logging category with info priority. But I don't receive any messages when Sponsor creates or delete guest account.
By the message catalog, these messages should be in Guest category with severity info.
Does anyone know whats wrong? ISE version is 1.2 Patch 5.
I'm attaching picture of configuration:
Is port 514 is opened on your destination machine.
The rest of the configuration looks good for me. Can we check by having packet capture and see where the UDP packets are getting blocked.
Also can you please try by making use of default facility code value as LOCAL6 in Logging Category.
thank you for the reply. The port is opened it's syslog server also for other devices. I tried to change facility to LOCAL6, but its the same. I only receive this message when I suspend or delete guest user:
Jan 9 12:59:16
Thank you for update on testing. So you are able to get logs from ISE on delete or suspend guest account but not seeing any information on Guest creation or Guest Update.
This might not be an issue with configuration. ISE may not be able to push certain logs to remote syslog server.
I receive only log message number 86028 about performing CoA. I would expect also message 86008 "Guest User account is deleted.". Ideally including guest and sponsor name.
Can you please attach mnt-collector.out file from ISE -->Operations -->Troubleshoot --> Download Logs -->select primary node and go to Debug logs and download mnt-collector.out file.