Cisco Community
English
Register
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco announces new innovations in SD-WAN, ISRs, SD-WAN Services, and Catalyst 9000 Series switches


143
Views
5
Helpful
6
Replies
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 07:27 AM
‎01-17-2019 07:27 AM

Cisco ISE: Syslog

Is there a way to generate a test message within the ise platform to see if my syslog is setup correctly to my external device. I created a remote logging target pointing to the IP address of my SEIM device where I want specific syslogs sent to: basically have every logging category targeted. Everything is still in testing mode with not much implemented: 5 different switch models all linked together with only one IP phone and camera attached. I don't know if generates a log if for say I try logging in with the wrong password or if a device is plugged into the network and not recognized etc.

0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
RJI
VIP Engager RJI VIP Engager
VIP Engager
‎01-17-2019 07:44 AM
‎01-17-2019 07:44 AM

Re: Cisco ISE: Syslog

Hi,
When you configured the syslog server, did you go to Logging Categories and specify a target (the target would be the syslog server you defined) for each of the categories you wish to recieve notifications for?

Under categories you do have AAA Audit > Failed attempts, passed attempts etc (along with many more options), so once you define the target you should start receiving the syslog messages.

HTH
Reply
6 REPLIES
RJI
VIP Engager RJI VIP Engager
VIP Engager
‎01-17-2019 07:44 AM
‎01-17-2019 07:44 AM

Re: Cisco ISE: Syslog

Hi,
When you configured the syslog server, did you go to Logging Categories and specify a target (the target would be the syslog server you defined) for each of the categories you wish to recieve notifications for?

Under categories you do have AAA Audit > Failed attempts, passed attempts etc (along with many more options), so once you define the target you should start receiving the syslog messages.

HTH
Reply
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 10:13 AM
‎01-17-2019 10:13 AM

Re: Cisco ISE: Syslog

Yes that is what I did, I don't think I missed anything. Logging>Remote Logging Targets:

IP address to host is correct, status enabled, using port 6514, facility code local 6, default self signed server cert (Does this need applied anywhere else? I checked off Ignore Server Certificate Validation for testing).

 

Logging Categories> Enabled my Target for each category.

 

 

0 Helpful
Reply
RJI
VIP Engager RJI VIP Engager
VIP Engager
‎01-17-2019 10:44 AM
‎01-17-2019 10:44 AM

Re: Cisco ISE: Syslog

What version of ISE?
Did you set the maximum length as 8192?
Which certificate are you referring to?
Can you take a packet capture on ISE and confirm syslog is or is not being sent to the syslog server?
0 Helpful
Reply
Highlighted
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 11:00 AM
‎01-17-2019 11:00 AM

Re: Cisco ISE: Syslog

ISE Version: 2.4.0.357

Max length was at 1024 and I just changed it to 8192

Attached is cert I am using.

Also, I wasn't sure if it has anything to do with the product not fully licensed yet and in a test environment until purchasing or if that would not even matter.

 

Yes one of my other team members is looking at this as well and is going to take a pcap.Default Cert.PNGLicense Warning.PNG

0 Helpful
Reply
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 11:22 AM
‎01-17-2019 11:22 AM

Re: Cisco ISE: Syslog

A TCP Dump was preformed and the specific IP assigned for the syslog server I setup was not anywhere listed. 

0 Helpful
Reply
Rsbell
Rsbell Beginner
Beginner
‎01-25-2019 07:31 AM
‎01-25-2019 07:31 AM

Re: Cisco ISE: Syslog

Follow up from this: implemented one of our live production network switches into this and began receiving syslog info. Thanks for your help.
0 Helpful
Reply
Latest Contents
BGP Weight Attribute
Created by Edgar c Francis on 02-16-2019 08:32 PM
0
0
0
0
BGP Weight Attribute A Cisco router can use the BGP weight, in that router to influence that one router’s choice of outbound route. To do so, when a router receives a BGP update, that router can set the weight either selectively, per route, using rou... view more
Technote of the day (TOTD) -- How to configure External Auth...
Created by Tomas De Leon on 02-16-2019 04:49 PM
0
0
0
0
Technote of the day (TOTD) -- How to configure External Authentication for users using TACACS on the Cisco DNAC?   Prepared for: Cisco DNA Customers, CX Support Teams Prepared by: Tomas de Leon, Technical Leader Feb 16, 2019Document number... view more
BGP Peer Group and config
Created by Edgar c Francis on 02-16-2019 03:21 AM
0
0
0
0
BGP Peer Group and config  By default,  BGP updates are sent on a neighbor to neighbor basis and the  result  more CPU resources being used, also by implementing  non-default settings  for example per... view more
BGP Neighbors_CCNP
Created by Edgar c Francis on 02-16-2019 12:39 AM
0
0
0
0
  BGP NeighborsBGP neighbors are routers forming TCP connection for exchanging BGP updates it’s also called as BGP peers or BGP speakers.There are two types of BGP neighbor relationshipIBGP (internal BGP)EBGP (external BGP) BGP first forms ... view more
Introduction of BGP
Created by Edgar c Francis on 02-16-2019 12:10 AM
0
0
0
0
  Introduction of BGPBorder Gateway Protocol (BGP) advertises, learn, and choose the best paths inside the wide internet. When two ISPs connected, they typically use BGP to exchange routing information. The ISPs of the world wide exchange routin... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Blog-Cisco Community Designated VIP Dinner CLEUR2019