Created
August 7, 2014 15:12
-
-
Save liveaverage/50e30d49bb93151f0576 to your computer and use it in GitHub Desktop.
Sample Syslog-NG config excerpt for handling ISE syslog messages > CDA identity servers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Filter out ISE hosts that should be sending specific messages for Device/IP association: | |
| filter f_ise_host { ( | |
| host("4.4.4.4") or | |
| host("8.8.8.8") or | |
| host("ise01") or | |
| host("ise02") | |
| ); | |
| }; | |
| ### The username and Framed-IP we're looking for are in the watchdog updates AFTER accounting "start" msgs: | |
| filter f_ise_auth { match(".*RADIUS Accounting watchdog update.*" value ("MESSAGE")); }; | |
| destination d_NS_ISE { file("/var/log/syslog-ng/NS_logs/NS_ISE/$SOURCEIP/$SOURCEIP.log"); }; | |
| destination d_NS_pythonCDA { | |
| program("/usr/local/cda/update_cda.py" | |
| template("$MSG\n") | |
| flags(no_multi_line) | |
| flush_lines(1) | |
| flush_timeout(1000) | |
| ); | |
| }; | |
| log { source(s_network); | |
| filter(f_ise_host); | |
| filter(f_ise_auth); | |
| destination(d_NS_ISE); | |
| destination(d_NS_pythonCDA); | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment