cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1874
Views
0
Helpful
7
Replies

ISE Guest create/delete logging into remote syslog

Jiri Krystynek
Level 1
Level 1

Hello,

I'm trying to setup guest action (creation, deletion, suspend) logging to remote syslog. I created remote logging target and set this target to Guest logging category with info priority. But I don't receive any messages when Sponsor creates or delete guest account.

By the message catalog, these messages should be in Guest category with severity info.

Does anyone know whats wrong? ISE version is 1.2 Patch 5.

Thanks

Jiri

I'm attaching picture of configuration:

ise_syslog_settings.png

7 Replies 7

Naresh Ginjupalli
Cisco Employee
Cisco Employee

Hi Jiri,

Is port 514 is opened on your destination machine.

The rest of the configuration looks good for me. Can we check by having packet capture and see where the UDP packets are getting blocked.

Also can you please try by making use of default facility code value as LOCAL6 in Logging Category.

Hello,

thank you for the reply. The port is opened it's syslog server also for other devices. I tried to change facility to LOCAL6, but its the same. I only receive this message when I suspend or delete guest user:

Jan  9 12:59:16 ise-demo-pri CISE_Guest 0000000838 1 0 2014-01-09 12:59:16.569 +01:00 0000085231 86028 INFO  Guest: Successfully performed CoA termination(s) for a deleted guest or a suspended guest, ConfigVersionId=35,

Jiri

Hi Jiri,

Thank you for update on testing. So you are able to get logs from ISE on delete or suspend guest account but not seeing any information on Guest creation or Guest Update.

This might not be an issue with configuration. ISE may not be able to push certain logs to remote syslog server.

Hi,

I receive only log message number 86028 about performing CoA. I would expect also message 86008 "Guest User account is deleted.". Ideally including guest and sponsor name.

Jiri

Hi Jiri,

Can you please attach mnt-collector.out file from ISE -->Operations -->Troubleshoot --> Download Logs -->select  primary node and go to Debug logs and download mnt-collector.out file.

Hi,

I sent you the log in private message. But I don't see anything important in the log.

Thanks,

Jiri

Jiri Krystynek
Level 1
Level 1

Hello,

I opened the TAC case and it was marked as a BUG CSCum54099.

Jiri