The Live Authentications page provides a tabular account of recent RADIUS authentications, in the order in which they happen.
The last update shown at the bottom of the Live Authentications page shows the date of the server, time, and timezone.
Following are the steps you can follow (on ISE 1.2)
Step 1 Choose Operations > Authentications.
Step 2 Select a time interval from the drop-down list to change the data refresh rate.
Step 3 Click the Refresh icon on the Live Authentications menu bar to manually update the data.
Step 4 Choose an option from the Show drop-down list to change the number of records that appear.
Step 5 Choose an option from the within drop-down list to specify a time interval,
Step 6 Click Add or Remove Columns and choose the options from the drop-down list to change the columns that are shown.
Step 7 Click Show Live Sessions to view live RADIUS sessions. You can use the dynamic Change of Authorization (CoA) feature for the Live Sessions that allows you to dynamically control active RADIUS sessions. You can send reauthenticate or disconnect requests to a Network Access Device (NAD).
Step 8 Click Save at the bottom of the drop-down list to save your modifications.
Anas is right, you can get the info directly from ISE, but if you really need to get the authentication/authorization log sent to your own syslog server, you can do that to.
You add a new syslog server under Administration/Logging/Remote Log targets/Add
And then add the new server to Administration/Logging/Logging Categories/Passed Authentications, but be aware that the syslog messages are not small, they normally are around 4KB per syslog message, as they contain alot of information.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...