cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
574
Views
5
Helpful
6
Replies
Highlighted
Beginner

Cisco ISE: Syslog

Is there a way to generate a test message within the ise platform to see if my syslog is setup correctly to my external device. I created a remote logging target pointing to the IP address of my SEIM device where I want specific syslogs sent to: basically have every logging category targeted. Everything is still in testing mode with not much implemented: 5 different switch models all linked together with only one IP phone and camera attached. I don't know if generates a log if for say I try logging in with the wrong password or if a device is plugged into the network and not recognized etc.

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE: Syslog

Hi,
When you configured the syslog server, did you go to Logging Categories and specify a target (the target would be the syslog server you defined) for each of the categories you wish to recieve notifications for?

Under categories you do have AAA Audit > Failed attempts, passed attempts etc (along with many more options), so once you define the target you should start receiving the syslog messages.

HTH
6 REPLIES 6
VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE: Syslog

Hi,
When you configured the syslog server, did you go to Logging Categories and specify a target (the target would be the syslog server you defined) for each of the categories you wish to recieve notifications for?

Under categories you do have AAA Audit > Failed attempts, passed attempts etc (along with many more options), so once you define the target you should start receiving the syslog messages.

HTH
Beginner

Re: Cisco ISE: Syslog

Yes that is what I did, I don't think I missed anything. Logging>Remote Logging Targets:

IP address to host is correct, status enabled, using port 6514, facility code local 6, default self signed server cert (Does this need applied anywhere else? I checked off Ignore Server Certificate Validation for testing).

 

Logging Categories> Enabled my Target for each category.

 

 

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE: Syslog

What version of ISE?
Did you set the maximum length as 8192?
Which certificate are you referring to?
Can you take a packet capture on ISE and confirm syslog is or is not being sent to the syslog server?
Beginner

Re: Cisco ISE: Syslog

ISE Version: 2.4.0.357

Max length was at 1024 and I just changed it to 8192

Attached is cert I am using.

Also, I wasn't sure if it has anything to do with the product not fully licensed yet and in a test environment until purchasing or if that would not even matter.

 

Yes one of my other team members is looking at this as well and is going to take a pcap.Default Cert.PNGLicense Warning.PNG

Beginner

Re: Cisco ISE: Syslog

A TCP Dump was preformed and the specific IP assigned for the syslog server I setup was not anywhere listed. 

Beginner

Re: Cisco ISE: Syslog

Follow up from this: implemented one of our live production network switches into this and began receiving syslog info. Thanks for your help.
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards