https://community.cisco.com/t5/network-access-control/remote-logging-targets-and-ise/m-p/4734121#M578694 <P><FONT face="helvetica">Hi Experts,</FONT><BR /><BR /><FONT face="helvetica">The remote logging targets has been configured and required logging categories are assigned to this remote logging target.</FONT><BR /><FONT face="helvetica">For which ISE node is the syslog port needs to be opened on firewall? Its going to be port UDP/514 for MnT or PAN?</FONT><BR /><FONT face="helvetica">Since, this is a fully distributed deployment need some kind of confirmation on the approach.</FONT><BR /><BR /><FONT face="helvetica">Any pointers will be helpful.</FONT></P> Wed, 07 Dec 2022 15:04:59 GMT dgaikwad 2022-12-07T15:04:59Z https://community.cisco.com/t5/network-access-control/remote-logging-targets-and-ise/m-p/4734121#M578694 <P><FONT face="helvetica">Hi Experts,</FONT><BR /><BR /><FONT face="helvetica">The remote logging targets has been configured and required logging categories are assigned to this remote logging target.</FONT><BR /><FONT face="helvetica">For which ISE node is the syslog port needs to be opened on firewall? Its going to be port UDP/514 for MnT or PAN?</FONT><BR /><FONT face="helvetica">Since, this is a fully distributed deployment need some kind of confirmation on the approach.</FONT><BR /><BR /><FONT face="helvetica">Any pointers will be helpful.</FONT></P> Wed, 07 Dec 2022 15:04:59 GMT https://community.cisco.com/t5/network-access-control/remote-logging-targets-and-ise/m-p/4734121#M578694 dgaikwad 2022-12-07T15:04:59Z https://community.cisco.com/t5/network-access-control/remote-logging-targets-and-ise/m-p/4734207#M578699 <P>If you looking to send all logs to syslog, i would add all nodes IP in Firewall to allow syslog port you configured on each device to send logs.</P> <P>&nbsp;</P> Wed, 07 Dec 2022 17:21:54 GMT https://community.cisco.com/t5/network-access-control/remote-logging-targets-and-ise/m-p/4734207#M578699 balaji.bandi 2022-12-07T17:21:54Z https://community.cisco.com/t5/network-access-control/remote-logging-targets-and-ise/m-p/4734659#M578714 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/224506">@dgaikwad</a>,</P> <P>You need to allow all ISE nodes to send syslog messages. You can see that in <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23_chapter_0110.pdf" target="_self">Cisco ISE Port Reference</A>. You can <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/admin_guide/b_ise_admin_3_2/b_ISE_admin_32_deployment.html#reference_24E777B290D24A7C981CAAD82F889CA3" target="_self">configure</A> port and protocol when defining Remote Logging Target (by default it is UDP/514).</P> <P>Kind regards,</P> <P>Milos</P> Thu, 08 Dec 2022 08:26:49 GMT https://community.cisco.com/t5/network-access-control/remote-logging-targets-and-ise/m-p/4734659#M578714 Milos_Jovanovic 2022-12-08T08:26:49Z https://community.cisco.com/t5/network-access-control/remote-logging-targets-and-ise/m-p/4739569#M578839 <P><FONT face="helvetica" color="#003366">Yes, this configuration makes sense, the ports document shows the same.</FONT><BR /><FONT face="helvetica" color="#003366">As per design all the nodes are sending syslog individually to MnT nodes, thus if the same copy us to be sent to external remote logging target then the ports for all the nodes are to be allowed to syslog server.</FONT></P> Thu, 15 Dec 2022 10:20:57 GMT https://community.cisco.com/t5/network-access-control/remote-logging-targets-and-ise/m-p/4739569#M578839 dgaikwad 2022-12-15T10:20:57Z