Differences

This shows you the differences between two versions of the page.

--- siteadmin:fticks_logging_for_cisco_ise [2024/05/16 08:42] – admin
+++ siteadmin:fticks_logging_for_cisco_ise [2024/05/20 12:37] (current) – admin
@@ Line 1: / Line 1: @@
 ======Logging for Cisco ISE======
+**NOTE: This is untested.**
+**This only applies to Federation Operators and not to individual sites**
 Unfortunately ISE can't generate custom logs in the format required (FTICKS) but, fortunately, it can generate syslog logs with the right information, which can be sent to a syslog server and munged into a suitable format.
@@ Line 108: / Line 112: @@
   * Install [[https://nxlog.co/products/nxlog-community-edition|NXLog CE]] on Windows
   * Use this configuration (with paths changed appropriately)
+**Note: This doesn't actually send the logs in FTICKS format but it does send them in a format which Jisc can convert to FTICKS. However, it's absolutely critical that the FedID is set correctly**
 <code>
@@ Line 141: / Line 147: @@
       if $raw_event !~ /CISE_Passed_Authentications/ drop();
       $FedID="XXXXX"; # Set this to the Federation ID provided by Jisc
+      $SyslogFacility = "local6";
     </Exec>
 </Input>
@@ Line 163: / Line 170: @@
     OutputType  Syslog_TLS
     Exec        to_syslog_ietf();
-    Exec        $SyslogFacility = "local6";
 </Output>