05-07-2018 02:19 PM - edited 02-21-2020 10:55 AM
Hi,
One of my customers is on ISE 2.2 latest patch and using ISE PIC.
The events are being sent from the domain controllers to Syslog NG and Syslog NG servers are added as Syslog Providers.
We are unable to see events in the LIVE Session under ISE PIC.
We verified using TCPDUMP (under Troubleshooting) that ISE is getting events from the syslog server.
Could it be a parsing issue that's causing it to not display the events in the Live Session?
When we pasted the sample syslog output and tested, it shows the proper output. Could it be anything on the customer header?
Thanks
Sampath
05-07-2018 04:59 PM
TAC case?
If it never worked before, then most likely parsing.
Enable DEBUG on passiveid and collector. Recreate with packet capture and check the debug log files — passiveid-*.log and collector.log.
05-08-2018 09:27 AM
Hsing
No TAC Case yet. Will be opening it shortly.
It was working fine when it was configured as just ISE-PIC without Full ISE.
Now with Full ISE, no events showing up in the live sessions. The syntax of the syslog template and header is correct and they show the output when tested.
No errors in the log. Any other area that I need to look at?