Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

594
Views
5
Helpful
6
Replies
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 07:27 AM
‎01-17-2019 07:27 AM

Cisco ISE: Syslog

Is there a way to generate a test message within the ise platform to see if my syslog is setup correctly to my external device. I created a remote logging target pointing to the IP address of my SEIM device where I want specific syslogs sent to: basically have every logging category targeted. Everything is still in testing mode with not much implemented: 5 different switch models all linked together with only one IP phone and camera attached. I don't know if generates a log if for say I try logging in with the wrong password or if a device is plugged into the network and not recognized etc.

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
RJI
VIP Advocate RJI VIP Advocate
VIP Advocate
‎01-17-2019 07:44 AM
‎01-17-2019 07:44 AM

Re: Cisco ISE: Syslog

Hi,
When you configured the syslog server, did you go to Logging Categories and specify a target (the target would be the syslog server you defined) for each of the categories you wish to recieve notifications for?

Under categories you do have AAA Audit > Failed attempts, passed attempts etc (along with many more options), so once you define the target you should start receiving the syslog messages.

HTH
Reply
6 REPLIES 6
RJI
VIP Advocate RJI VIP Advocate
VIP Advocate
‎01-17-2019 07:44 AM
‎01-17-2019 07:44 AM

Re: Cisco ISE: Syslog

Hi,
When you configured the syslog server, did you go to Logging Categories and specify a target (the target would be the syslog server you defined) for each of the categories you wish to recieve notifications for?

Under categories you do have AAA Audit > Failed attempts, passed attempts etc (along with many more options), so once you define the target you should start receiving the syslog messages.

HTH
Reply
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 10:13 AM
‎01-17-2019 10:13 AM

Re: Cisco ISE: Syslog

Yes that is what I did, I don't think I missed anything. Logging>Remote Logging Targets:

IP address to host is correct, status enabled, using port 6514, facility code local 6, default self signed server cert (Does this need applied anywhere else? I checked off Ignore Server Certificate Validation for testing).

 

Logging Categories> Enabled my Target for each category.

 

 

0 Helpful
Reply
RJI
VIP Advocate RJI VIP Advocate
VIP Advocate
‎01-17-2019 10:44 AM
‎01-17-2019 10:44 AM

Re: Cisco ISE: Syslog

What version of ISE?
Did you set the maximum length as 8192?
Which certificate are you referring to?
Can you take a packet capture on ISE and confirm syslog is or is not being sent to the syslog server?
0 Helpful
Reply
Highlighted
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 11:00 AM
‎01-17-2019 11:00 AM

Re: Cisco ISE: Syslog

ISE Version: 2.4.0.357

Max length was at 1024 and I just changed it to 8192

Attached is cert I am using.

Also, I wasn't sure if it has anything to do with the product not fully licensed yet and in a test environment until purchasing or if that would not even matter.

 

Yes one of my other team members is looking at this as well and is going to take a pcap.Default Cert.PNGLicense Warning.PNG

0 Helpful
Reply
Rsbell
Rsbell Beginner
Beginner
‎01-17-2019 11:22 AM
‎01-17-2019 11:22 AM

Re: Cisco ISE: Syslog

A TCP Dump was preformed and the specific IP assigned for the syslog server I setup was not anywhere listed. 

0 Helpful
Reply
Rsbell
Rsbell Beginner
Beginner
‎01-25-2019 07:31 AM
‎01-25-2019 07:31 AM

Re: Cisco ISE: Syslog

Follow up from this: implemented one of our live production network switches into this and began receiving syslog info. Thanks for your help.
0 Helpful
Reply
Latest Contents
Software-defined networking key theme at VMworld--and for IT...
Created by lhorwitz on 08-20-2019 12:09 PM
0
0
0
0
  Whether you're attending VMworld 2019 on-site or from afar, read the latest on the key themes to expect. They are also the key themes for IT management today, from software defined everything to cloud and automation to IoT and edgecomputing : http:... view more
Python Script using Netmiko Lib to SSH into network devices ...
Created by KrishnaTiwari8030 on 08-20-2019 04:39 AM
0
0
0
0
import netmikofrom netmiko import ConnectHandlerdevice = ConnectHandler(device_type="cisco-ios, ip="IP ADDRESS", username="USENAME", password="PASSWORD", secret="ENABLE PASSWORD")output1 = device.send_command("show running-config")print(output1)device.dis... view more
Ask the Expert event- SD-WAN fundamentals and implementation
Created by Cisco Moderador on 08-19-2019 06:34 PM
0
0
0
0
To   participate   in this event, please use the   button   to ask your questions This topic is a chance to discuss more about SD-WAN), it's foundations and inner mechanisms as well as its correct design a... view more
#CiscoChat Live: The Hybrid Engineer: Where Networking Meets...
Created by Kelli Glass on 08-19-2019 11:11 AM
0
0
0
0
Join us on Thursday, August 22 at 10:00 am PT to learn more about how to bridge the networking and software development divide.  As technology advances, businesses will connect applications, devices, and people via the cloud and mobile devices. Sof... view more
#CiscoChat Live - The Hybrid Engineer: Where Networking Meet...
Created by Kelli Glass on 08-19-2019 11:07 AM
0
0
0
0
Join us on Thursday, August 22 at 10:00 am PT to learn more about how to bridge the networking and software development divide. As technology advances, businesses will connect applications, devices, and people via the cloud and mobile devices. Software an... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
July's Community Spotlight Awards