Cisco ISE App/Add-On

plao
Explorer

Looking at the Cisco ISE App/Add-On

The logging level is by default set to debug.

I cannot find a file which shows me debug logs for this TA?

/var/log/splunk does not have any specific file for ISE and in /splunk/etc/apps/Splunk_TA as well, there is no file for logs?


Thanks!

 


livehybrid
Super Champion

Hi @plao 

The config you've shown shows that it uses a UDP input; therefore, I would not expect to see any ISE-specific log sources in your logs.

Is there any issue that you are experiencing that you need additional debug logs for?

Please let me know how you get on, and consider accepting this answer or adding karma to this answer if it has helped.
Regards

Will

plao
Explorer

Hi

We are working on a Cisco Sec+Splunk course, using the new Cisco Security Cloud App as well as coverage for the old apps like the Cisco ISE App/Add-on. In this course, we have a troubleshooting section, so for ISE, just checking if there are any ISE logs in Splunk for troubleshooting the App/Add-On.

 

Thanks!


plao
Explorer

Thanks .. I only see from SNA app 


Cievo
Path Finder

Have a look at this DOCUMENTATION PAGE. Debugging logs should be sent into the _internal index. Look at that index.

 


Cievo
Path Finder

Are you talking about this APP?

If so, I don't think this application has its own debugging log file.

 
