I installed a Cisco ISE VM but I can't see RADIUS logs.
I checked the created Policy Sets and can see hits.
I checked the config and the logging settings but I can't find it.
See attachment for more info.
What can I do?
Before I forget, I noticed that you have a Policy called "TACACS" (it's a bit fuzzy in your PDF) but you are showing the RADIUS Policy Sets. TACACS traffic will not be processed there. You need to create TACACS Policy Sets under Work Centers > Device Administration > Device Admin Policy Sets.
Back to your Live Logs issue.
It would help to see your deployment under Administration > System > Deployment.
Have you tried doing a tcpdump (Operations > Troubleshoot > Diagnostic Tools > TCP Dump) from the node that you believe is processing your 802.1X traffic? That is the most basic test I would do. If RADIUS traffic is indeed reaching your service node, then check whether you have defined that RADIUS NAD in the Network Devices (Admin > Network Resources > Network Devices).
If your PSNs and MnT nodes are separated by a firewall then your SYSLOGs might not be getting through. Is this a distributed deployment, and if so, are there firewalls between them?
You are right. Rookie mistake. This was on the test environment. I removed the TACACS part and put it where it belongs.
I have a standalone deployment. See print-screen in previous post.
I'll check the TCP dump and come back to you.
If the last authentication happened more than 24 hours ago, then please run a report covering the time range of the authentications at Operations > Reports > Reports > Endpoints and Users > RADIUS Authentications.
The live logs view covers at most the last 24 hours.