11-01-2019 12:46 PM - edited 11-01-2019 03:26 PM
We have our ISE deployment pushing logs to a splunk server. We are looking at message class "PSN-Heartbeat" and noticed that message code in this class have a severity level of "Notice".
We are interested in the following message codes:
60057 (A PSN node went down)
60058 (Initial Status of heartbeat system)
The issue here is that the system and operational logging category in ISE has a severity level of "INFO". These message class has a severity level of "Notice" there for its not being pushed to the log servers. There is not an option to reduce the logging option to Notice so the splunk server can pick up the triggered message_code.
The object here is to get a Splunk log that identifies the status of each of our PSN nodes. Especially when one of our PSN nodes goes down.
Can the message catalog have its severity levels changed? and if so, how?
Solved! Go to Solution.
11-02-2019 12:09 AM
NOTICE is hidden level between WARN and INFO. If INFO is selected, you should get all logs including NOTICE. You can't change log levels of individual messages, but can change per catalog by going to Administration > System > Logging > Logging Categories.
11-02-2019 12:09 AM
NOTICE is hidden level between WARN and INFO. If INFO is selected, you should get all logs including NOTICE. You can't change log levels of individual messages, but can change per catalog by going to Administration > System > Logging > Logging Categories.
01-29-2021 11:18 AM - edited 01-29-2021 11:29 AM
//del sorry old thread
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide