Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1585
Views
5
Helpful
4
Replies

syslog CISE_Alarm vs CISE_Administrative_and_Operational_Audit

Go to solution
Jemmotar
Level 1
Level 1

‎06-08-2023 04:03 PM

Hello everyone!

We are using syslogs for monitoring. I have multiple deployments that are very similar to each other.
But I just found out that one of them is different when comes to syslog messages.

My syslog monitoring is expecting to see this message:

 

Jun  2 00:00:00 hostname CISE_Administrative_and_Operational_Audit 0007666335 1 0 2023-06-02 00:00:00.323 +00:00 0741901856 60166 NOTICE Certificate: Certificate will expire soon, ConfigVersionId=442, OperationMessageText=Local certificate 'something' will expire in 60 days,

 

But I get this instead:

 

Jun 8 00:00:10 hostname  CISE_Alarm WARN: Local certificate 'C=US;ST=Somewhere;L=Arlington;O=The Something Corporation;CN=something.something.com#Entrust Certification Authority - L1K#000
05' will expire in 10 days : Server=something

 


I was expecting (per the cisco ise syslog list) that every syslog has its own code, why CISE_Alarm bypass that convention?
Where to adjust this configuration please?
I want all my syslogs to follow the catalog aka CISE_Administrative_and_Operational_Audit instead of CISE_Alarm.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
poongarg
Cisco Employee
Cisco Employee

‎06-08-2023 05:44 PM

Alarm messages don't show the message code. There is an enhancement already filed for this change:

https://bst.cisco.com/bugsearch/bug/CSCvw55478

 

View solution in original post

4 Replies 4

Go to solution
poongarg
Cisco Employee
Cisco Employee

‎06-08-2023 05:44 PM

Alarm messages don't show the message code. There is an enhancement already filed for this change:

https://bst.cisco.com/bugsearch/bug/CSCvw55478

 

Go to solution
Jemmotar
Level 1
Level 1

‎06-10-2023 02:42 AM

Impacted ISE version 2.7.0.356 (patches 3,6,7,8)
@poongarg  - do you think that another patch or upgrade would resolve the issue? Is there anything we can do to get the unique message codes back?
I am supporting 10 other deployments running on different versions, this is the only environment I am facing the bug.
Would be worth to open TAC for this?

Go to solution
poongarg
Cisco Employee
Cisco Employee
In response to Jemmotar

‎06-10-2023 05:28 PM

The enhancement is filed on top of ISE 3.1 and yet not incorporated in any release. So upgrading the patch or version will not help.

 

Go to solution
Jemmotar
Level 1
Level 1

‎06-10-2023 03:12 AM

I could rephrase as missing "OperationMessageText=" as part of the syslog. (I can live without the unique codes, OperationMessageText is more important for me)

0 Helpful
Customers Also Viewed These Support Documents