Quantcast
Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Viewing all articles
Browse latest Browse all 5385

Re: CISCO ISE AND LEM

$
0
0

Hi paul1gilbert

 

Two things here:

1. You need to increase the size of the buffer that sends Cisco ISE to the LEM.  I unfortunately do not have a handy screenshot from Cisco's console to show you (If you do this it would be great if you shared a screenshot).  Make the buffer of what is sent via syslog as large as possible.  The reason for this is the Cisco did not stay within the 1024 RFC for syslog and as such it breaks all the lines up separately which makes it a pure pain to pull them all back together.  Once you get that changed then you move onto the second item.

2. In this situation I would configure Cisco ISE by hand instead of doing a scan for new nodes.  it will be quicker since you already know you have a Cisco ISE.  Otherwise what you are doing is sending a sample of log lines through every single connector to figure out which one it might match.

 

Also look at checklogs from the cmc to see if the logs are actually getting to local6

 

Hope that helps out.


Viewing all articles
Browse latest Browse all 5385

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>