Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
740
Views
0
Helpful
3
Replies

Number of External Syslog servers supported on ISE

Go to solution
Aastha Chaudhary
Cisco Employee
Cisco Employee

‎12-14-2018 02:27 PM

Hi Team,

 

I have a customer enquiring about the maximum number of Remote Logging Targets supported by ISE. Of course, this number would be dictated by the size of the deployment, however are there any performance numbers available we can share with customer. They currently have 7 Logging  Targets enabled -

 

Primary MNT
Secondary MNT
Bay Dynamics
ArcSight
2.2 ISE Node as an External Syslog
2.3 ISE Node as an External Syslog
Profiler RADIUS Probe

TACACS Authentication/Day = 3.1 million 
RADIUS Authentications/Day = 286,000

Please advise.

 

Thanks,
Aastha

0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎12-14-2018 03:40 PM

I don't believe we have specific numbers on this and reached out to someone who may have an answer to provide answer.  However, have you considered using external host such as UDP duplicator or syslog-ng to duplicate the syslog messages? If this is distributed deployment, each PSN nodes may source syslog traffic which means you may need to configure your syslog receivers for all ISE IP addresses, but by using single host to duplicate/proxy, it may save network bandwidth and from complex configuration.

View solution in original post

0 Helpful

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎12-17-2018 02:32 AM

As Hosuk mentioned, we do not have any performance numbers for max syslog targets But we do have close to 15 external syslog collectors configured in our test network. 

Thanks,

Nidhi

 

View solution in original post

0 Helpful

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎12-17-2018 02:32 AM

As Hosuk mentioned, we do not have any performance numbers for max syslog targets But we do have close to 15 external syslog collectors configured in our test network. 

Thanks,

Nidhi

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
howon
Cisco Employee
Cisco Employee

‎12-14-2018 03:40 PM

I don't believe we have specific numbers on this and reached out to someone who may have an answer to provide answer.  However, have you considered using external host such as UDP duplicator or syslog-ng to duplicate the syslog messages? If this is distributed deployment, each PSN nodes may source syslog traffic which means you may need to configure your syslog receivers for all ISE IP addresses, but by using single host to duplicate/proxy, it may save network bandwidth and from complex configuration.

0 Helpful

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎12-17-2018 02:32 AM

As Hosuk mentioned, we do not have any performance numbers for max syslog targets But we do have close to 15 external syslog collectors configured in our test network. 

Thanks,

Nidhi

 

0 Helpful

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎12-17-2018 02:32 AM

As Hosuk mentioned, we do not have any performance numbers for max syslog targets But we do have close to 15 external syslog collectors configured in our test network. 

Thanks,

Nidhi

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents