Cisco Logging Mechanism
Cisco provides a logging mechanism that is used for auditing, fault management, and troubleshooting. The logging mechanism helps you to identify fault conditions in deployed services and troubleshoot issues efficiently. It also produces logging output from the monitoring and troubleshooting primary node in a consistent fashion.
You can configure a Cisco ISE node to collect the logs in the local systems using a virtual loopback address. To collect logs externally, you configure external syslog servers, which are called targets. Logs are classified into various predefined categories. You can customize logging output by editing the categories with respect to their targets, severity level, and so on.
Configuring network devices to send syslogs into the ISE MnT node is not a best practice as this could result in the loss of some NAD syslogs. Only ISE should be sending updates to the MnT node.
If the Monitoring node is configured as the syslog server for a network device, ensure that the logging source sends the correct network access server (NAS) IP address in the following format:
<message_number>sequence_number: NAS_IP_address: timestamp: syslog_type: <message_text>
Otherwise, this might impact functionalities that depend on the NAS IP address.
Configure Local Log Purge Settings
Use this process to set local log-storage periods and to delete local logs after a certain period of time.
In the Local Log Storage Period field, enter the maximum number of days to keep the log entries in the configuration source.
Click Delete Logs Now to delete the existing log files at any time before the expiration of the storage period.