Beginner

Cisco ISE: Syslog

Is there a way to generate a test message within the ISE platform to see if my syslog is set up correctly to my external device? I created a remote logging target pointing to the IP address of my SIEM device where I want specific syslogs sent to: basically, I have every logging category targeted. Everything is still in testing mode with not much implemented: 5 different switch models all linked together with only one IP phone and camera attached. I don't know if it generates a log if, say, I try logging in with the wrong password or if a device is plugged into the network and not recognized, etc.

1 ACCEPTED SOLUTION

Highlighted
VIP Mentor

Hi,
When you configured the syslog server, did you go to Logging Categories and specify a target (the target would be the syslog server you defined) for each of the categories you wish to receive notifications for?

Under categories you do have AAA Audit > Failed attempts, passed attempts etc (along with many more options), so once you define the target you should start receiving the syslog messages.

HTH

Highlighted

Yes, that is what I did; I don't think I missed anything. Logging > Remote Logging Targets:

IP address to host is correct, status enabled, using port 6514, facility code local 6, default self-signed server cert (Does this need to be applied anywhere else? I checked off Ignore Server Certificate Validation for testing).

Logging Categories > Enabled my Target for each category.

Highlighted

What version of ISE?
Did you set the maximum length as 8192?
Which certificate are you referring to?
Can you take a packet capture on ISE and confirm syslog is or is not being sent to the syslog server?
Highlighted

ISE Version: 2.4.0.357

Max length was at 1024 and I just changed it to 8192

Attached is the cert I am using.

Also, I wasn't sure if it has anything to do with the product not being fully licensed yet and in a test environment until purchasing, or if that would not even matter.

Yes, one of my other team members is looking at this as well and is going to take a pcap.

[Attachments: Default Cert.PNG, License Warning.PNG]

Highlighted

A TCP dump was performed and the specific IP assigned for the syslog server I set up was not listed anywhere.

Highlighted

Follow up from this: implemented one of our live production network switches into this and began receiving syslog info. Thanks for your help.
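
An added example (not from the thread and not Cisco code) for checking the collector side independently of ISE: it sends one RFC 5424 test message with facility local6 over TLS to port 6514, the target settings described above, using RFC 5425 octet-counting framing. The `syslog-test` app name and message text are constructed, and the message format and framing are assumptions about what the collector accepts, not ISE's own log format.

```python
import socket
import ssl
from datetime import datetime, timezone

FACILITY_LOCAL6 = 22   # syslog facility code for local6, as set on the logging target
SEVERITY_NOTICE = 5

def build_message(hostname, app, text, facility=FACILITY_LOCAL6,
                  severity=SEVERITY_NOTICE, now=None):
    """Return one RFC 5424 syslog message as bytes."""
    pri = facility * 8 + severity            # PRI = facility * 8 + severity
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    return f"<{pri}>1 {ts} {hostname} {app} - - - {text}".encode("utf-8")

def frame(message):
    """Octet-counting framing from RFC 5425: MSG-LEN SP SYSLOG-MSG."""
    return str(len(message)).encode("ascii") + b" " + message

def send_test(collector, port=6514, ca_file=None, verify=True, timeout=5.0):
    """Open TLS to the collector, send one framed message, return the TLS version."""
    ctx = ssl.create_default_context(cafile=ca_file)
    if not verify:
        # Lab only: same effect as "Ignore Server Certificate Validation" on the target.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    payload = frame(build_message(socket.gethostname(), "syslog-test",
                                  "test message for collector validation"))
    with socket.create_connection((collector, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=collector) as tls:
            tls.sendall(payload)
            return tls.version()

if __name__ == "__main__":
    import sys
    # Usage (constructed): python send_test.py <collector-ip> [ca.pem]
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print("sent over", send_test(sys.argv[1], ca_file=ca, verify=ca is not None))
```

If this message shows up on the collector but a packet capture on ISE shows nothing going to the collector's IP, the listener is working and the gap is on the ISE side (no events generated yet, or categories not mapped to the target).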