Govroam

The Roaming solution for the public sector

User Tools

Site Tools

You are here: start » siteadmin » fticks_logging_for_cisco_ise
siteadmin:fticks_logging_for_cisco_ise

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
siteadmin:fticks_logging_for_cisco_ise [2024/05/16 08:40] adminsiteadmin:fticks_logging_for_cisco_ise [2024/05/20 12:37] (current) admin
Line 1: Line 1:
 ======Logging for Cisco ISE====== ======Logging for Cisco ISE======
 +
 +**NOTE: This is untested.**
 +
 +**This only applies to Federation Operators and not to individual sites**
  
 Unfortunately ISE can't generate custom logs in the format required (FTICKS) but, fortunately, it can generate syslog logs with the right information, which can be sent to a syslog server and munged into a suitable format. Unfortunately ISE can't generate custom logs in the format required (FTICKS) but, fortunately, it can generate syslog logs with the right information, which can be sent to a syslog server and munged into a suitable format.
Line 108: Line 112:
   * Install [[https://nxlog.co/products/nxlog-community-edition|NXLog CE]] on Windows   * Install [[https://nxlog.co/products/nxlog-community-edition|NXLog CE]] on Windows
   * Use this configuration (with paths changed appropriately)   * Use this configuration (with paths changed appropriately)
 +
 +**Note: This doesn't actually send the logs in FTICKS format but it does send them in a format which Jisc can convert to FTICKS. However, it's absolutely critical that the FedID is set correctly** 
  
 <code> <code>
Line 138: Line 144:
     Port  514     Port  514
     <Exec>     <Exec>
-      if $SyslogFacility != "local6" drop();+      if $SyslogFacility != "local0" drop();
       if $raw_event !~ /CISE_Passed_Authentications/ drop();       if $raw_event !~ /CISE_Passed_Authentications/ drop();
-      $FedID="0X000"; # Set this to the Federation ID provided by Jisc+      $FedID="XXXXX"; # Set this to the Federation ID provided by Jisc 
 +      $SyslogFacility = "local6";
     </Exec>     </Exec>
 </Input> </Input>
Line 163: Line 170:
     OutputType  Syslog_TLS     OutputType  Syslog_TLS
     Exec        to_syslog_ietf();     Exec        to_syslog_ietf();
-    Exec        $SyslogFacility = "local6"; 
 </Output> </Output>
  
Line 173: Line 179:
 </code> </code>
  
-  * Change 0X000 to the supplied Federation ID.+  * Change XXXXX to the supplied Federation ID.
   * Change the 'Host' in 'Input tcp_ise' to the address of the syslog server.   * Change the 'Host' in 'Input tcp_ise' to the address of the syslog server.
   * (Ignore the syslog_tls part, that's for future use)   * (Ignore the syslog_tls part, that's for future use)
siteadmin/fticks_logging_for_cisco_ise.1715848813.txt.gz · Last modified: 2024/05/16 08:40 by admin