Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
246
Views
5
Helpful
6
Replies
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 07:27 AM
‎01-17-2019 07:27 AM

Cisco ISE: Syslog

Is there a way to generate a test message within the ise platform to see if my syslog is setup correctly to my external device. I created a remote logging target pointing to the IP address of my SEIM device where I want specific syslogs sent to: basically have every logging category targeted. Everything is still in testing mode with not much implemented: 5 different switch models all linked together with only one IP phone and camera attached. I don't know if generates a log if for say I try logging in with the wrong password or if a device is plugged into the network and not recognized etc.

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
RJI
VIP Advocate RJI VIP Advocate
VIP Advocate
‎01-17-2019 07:44 AM
‎01-17-2019 07:44 AM

Re: Cisco ISE: Syslog

Hi,
When you configured the syslog server, did you go to Logging Categories and specify a target (the target would be the syslog server you defined) for each of the categories you wish to recieve notifications for?

Under categories you do have AAA Audit > Failed attempts, passed attempts etc (along with many more options), so once you define the target you should start receiving the syslog messages.

HTH
Reply
6 REPLIES 6
RJI
VIP Advocate RJI VIP Advocate
VIP Advocate
‎01-17-2019 07:44 AM
‎01-17-2019 07:44 AM

Re: Cisco ISE: Syslog

Hi,
When you configured the syslog server, did you go to Logging Categories and specify a target (the target would be the syslog server you defined) for each of the categories you wish to recieve notifications for?

Under categories you do have AAA Audit > Failed attempts, passed attempts etc (along with many more options), so once you define the target you should start receiving the syslog messages.

HTH
Reply
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 10:13 AM
‎01-17-2019 10:13 AM

Re: Cisco ISE: Syslog

Yes that is what I did, I don't think I missed anything. Logging>Remote Logging Targets:

IP address to host is correct, status enabled, using port 6514, facility code local 6, default self signed server cert (Does this need applied anywhere else? I checked off Ignore Server Certificate Validation for testing).

 

Logging Categories> Enabled my Target for each category.

 

 

0 Helpful
Reply
RJI
VIP Advocate RJI VIP Advocate
VIP Advocate
‎01-17-2019 10:44 AM
‎01-17-2019 10:44 AM

Re: Cisco ISE: Syslog

What version of ISE?
Did you set the maximum length as 8192?
Which certificate are you referring to?
Can you take a packet capture on ISE and confirm syslog is or is not being sent to the syslog server?
0 Helpful
Reply
Highlighted
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 11:00 AM
‎01-17-2019 11:00 AM

Re: Cisco ISE: Syslog

ISE Version: 2.4.0.357

Max length was at 1024 and I just changed it to 8192

Attached is cert I am using.

Also, I wasn't sure if it has anything to do with the product not fully licensed yet and in a test environment until purchasing or if that would not even matter.

 

Yes one of my other team members is looking at this as well and is going to take a pcap.Default Cert.PNGLicense Warning.PNG

0 Helpful
Reply
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 11:22 AM
‎01-17-2019 11:22 AM

Re: Cisco ISE: Syslog

A TCP Dump was preformed and the specific IP assigned for the syslog server I setup was not anywhere listed. 

0 Helpful
Reply
Rsbell
Rsbell Beginner
Beginner
‎01-25-2019 07:31 AM
‎01-25-2019 07:31 AM

Re: Cisco ISE: Syslog

Follow up from this: implemented one of our live production network switches into this and began receiving syslog info. Thanks for your help.
0 Helpful
Reply
Latest Contents
How to Configure IPSec VPN Connection between Cisco vEdge an...
Created by thulsdau on 04-18-2019 10:08 PM
0
0
0
0
This how-to is a step-by-step guide to configure an IPSec VPN Connection from an on-premise Cisco vEdge device to Microsoft Azure. Hardware and Software used in this guide vEdge running software version 18.4.0 Microsoft Azure account with valid s... view more
Briefing: Catalyst 9600 - Powering Cloud Scale Campus
Created by hcaldwel on 04-18-2019 12:21 PM
0
0
0
0
Join the Customer Connection program in order to register for this event.  Registration is free and easy to complete.  Choose the Networking track and once your membership is accepted, you'll be able to register for this briefing. Join this sess... view more
Briefing: Wi-Fi 6 and the Next Generation of Access
Created by hcaldwel on 04-18-2019 08:09 AM
0
0
0
0
Join the Customer Connection program in order to register for this event.  Registration is free and easy to complete.  Choose the Networking track and once your membership is accepted, you'll be able to register for this briefing. Learn about th... view more
CiscoChat Podcast - Securing the Cloud Edge
Created by Kelli Glass on 04-16-2019 03:48 PM
0
0
0
0
Recorded Live at Cisco Partner Summit 2019!The Cloud Edge—the intersection of the network, cloud, and security–is where businesses face the greatest security risks, inconsistent application performance, and increasing complexity. Organizations need a comp... view more
#CiscoChat Podcast - Cisco DNA Center Assurance
Created by Kelli Glass on 04-16-2019 02:29 PM
0
0
0
0
Recorded live at Cisco Live U.S. 2018Cisco DNA Center was introduced as a seamless tool for network automation, including everything from designing your network, setting up application policies and provisioning features like software-defined access. But h... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Spotlight awards-March 2019