Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISE Guest create/delete logging into remote syslog

Hello,

I'm trying to setup guest action (creation, deletion, suspend) logging to remote syslog. I created remote logging target and set this target to Guest logging category with info priority. But I don't receive any messages when Sponsor creates or delete guest account.

By the message catalog, these messages should be in Guest category with severity info.

Does anyone know whats wrong? ISE version is 1.2 Patch 5.

Thanks

Jiri

I'm attaching picture of configuration:

ise_syslog_settings.png

Everyone's tags (4)
7 REPLIES
Cisco Employee

ISE Guest create/delete logging into remote syslog

Hi Jiri,

Is port 514 is opened on your destination machine.

The rest of the configuration looks good for me. Can we check by having packet capture and see where the UDP packets are getting blocked.

Also can you please try by making use of default facility code value as LOCAL6 in Logging Category.

New Member

ISE Guest create/delete logging into remote syslog

Hello,

thank you for the reply. The port is opened it's syslog server also for other devices. I tried to change facility to LOCAL6, but its the same. I only receive this message when I suspend or delete guest user:

Jan  9 12:59:16 ise-demo-pri CISE_Guest 0000000838 1 0 2014-01-09 12:59:16.569 +01:00 0000085231 86028 INFO  Guest: Successfully performed CoA termination(s) for a deleted guest or a suspended guest, ConfigVersionId=35,

Jiri

Cisco Employee

ISE Guest create/delete logging into remote syslog

Hi Jiri,

Thank you for update on testing. So you are able to get logs from ISE on delete or suspend guest account but not seeing any information on Guest creation or Guest Update.

This might not be an issue with configuration. ISE may not be able to push certain logs to remote syslog server.

New Member

ISE Guest create/delete logging into remote syslog

Hi,

I receive only log message number 86028 about performing CoA. I would expect also message 86008 "Guest User account is deleted.". Ideally including guest and sponsor name.

Jiri

Cisco Employee

ISE Guest create/delete logging into remote syslog

Hi Jiri,

Can you please attach mnt-collector.out file from ISE -->Operations -->Troubleshoot --> Download Logs -->select  primary node and go to Debug logs and download mnt-collector.out file.

New Member

ISE Guest create/delete logging into remote syslog

Hi,

I sent you the log in private message. But I don't see anything important in the log.

Thanks,

Jiri

New Member

ISE Guest create/delete logging into remote syslog

Hello,

I opened the TAC case and it was marked as a BUG CSCum54099.

Jiri

474
Views
0
Helpful
7
Replies
CreatePlease login to create content