I'm trying to setup guest action (creation, deletion, suspend) logging to remote syslog. I created remote logging target and set this target to Guest logging category with info priority. But I don't receive any messages when Sponsor creates or delete guest account.
By the message catalog, these messages should be in Guest category with severity info.
Does anyone know whats wrong? ISE version is 1.2 Patch 5.
I'm attaching picture of configuration:
Is port 514 is opened on your destination machine.
The rest of the configuration looks good for me. Can we check by having packet capture and see where the UDP packets are getting blocked.
Also can you please try by making use of default facility code value as LOCAL6 in Logging Category.
thank you for the reply. The port is opened it's syslog server also for other devices. I tried to change facility to LOCAL6, but its the same. I only receive this message when I suspend or delete guest user:
Jan 9 12:59:16
Thank you for update on testing. So you are able to get logs from ISE on delete or suspend guest account but not seeing any information on Guest creation or Guest Update.
This might not be an issue with configuration. ISE may not be able to push certain logs to remote syslog server.